ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Login Keychain must be unlocked in order for Encryption Desktop policy Updates and Enrollments to complete


Article ID: 157206


Updated On:


Symantec Products


Login Keychain must be unlocked in order for Encryption Desktop policy Updates and Enrollments to complete


Enrollment failed because of the following error: corrupt data

Policy Updates will not occur if Login keychain is not unlocked for Encryption Desktop



The Encryption Enrollment process and Policy updates for the clients require the Mac Login Keychain to be in sync and accessible in order to complete successfully.

Mac OSX has a Login keychain that is synchronized with the user's Login to the current user profile on the Mac system.  If a user forgets his/her profile password, it is possible to reset it, however once the profile password has been reset, the Login keychain password must then be synchronized with the new login password.  If the Login keychain is not synchronized, this will cause Encryption policy update issues, as well as enrollment issues with the Symantec Encryption Management Server Server.

If the Login Keychain password is unknown, a new Login keychain would then need to be recreated.  Please consult the documentation available from Apple in order to rectify Login Keychain issues.

The Enrollment process downloads an enrollment cookie and places it into the Login Keychain for further Encryption Desktop operations.



Depending on what is done to resolve the Login Keychain issues, different steps should then be taken.

Solution 1:

If the Login Keychain issues have been resolved by synchronizing the new Mac User Profile password to the existing Login Keychain, then this should resolve the issue.  The Login Keychain password will typically be synchronized if the user changes the profile password within Mac OS.  If the User's password has been changed via other means, then the password would then need to be synchronized manually.


Solution 2:

If the Login Keychain issue was resolved by creating a completely new Login Keychain, then Encryption Enrollment must be completed again in order to download the new Enrollment cookie.

 To re-enroll a client after creating a new Mac Login Keychain, please see he following article: