Login Keychain must be unlocked in order for Encryption Desktop policy Updates and Enrollments to complete

book

Article ID: 157206

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

Login Keychain must be unlocked in order for Encryption Desktop policy Updates and Enrollments to complete

 

Enrollment failed because of the following error: corrupt data

Policy Updates will not occur if Login keychain is not unlocked for Encryption Desktop

 

Cause

The Encryption Enrollment process and Policy updates for the clients require the Mac Login Keychain to be in sync and accessible in order to complete successfully.

Mac OSX has a Login keychain that is synchronized with the user's Login to the current user profile on the Mac system.  If a user forgets his/her profile password, it is possible to reset it, however once the profile password has been reset, the Login keychain password must then be synchronized with the new login password.  If the Login keychain is not synchronized, this will cause Encryption policy update issues, as well as enrollment issues with the Symantec Encryption Management Server Server.

If the Login Keychain password is unknown, a new Login keychain would then need to be recreated.  Please consult the documentation available from Apple in order to rectify Login Keychain issues.

The Enrollment process downloads an enrollment cookie and places it into the Login Keychain for further Encryption Desktop operations.

 

Resolution

Depending on what is done to resolve the Login Keychain issues, different steps should then be taken.

Solution 1:

If the Login Keychain issues have been resolved by synchronizing the new Mac User Profile password to the existing Login Keychain, then this should resolve the issue.  The Login Keychain password will typically be synchronized if the user changes the profile password within Mac OS.  If the User's password has been changed via other means, then the password would then need to be synchronized manually.

 

Solution 2:

If the Login Keychain issue was resolved by creating a completely new Login Keychain, then Encryption Enrollment must be completed again in order to download the new Enrollment cookie.

 To re-enroll a client after creating a new Mac Login Keychain, please see he following article:

TECH178358