After entering their Active Directory username and password correctly, an Encryption Desktop user is unable to enroll. They are continually prompted for their username and password.
The Encryption Management Server Client log contains the error:
Duplicate key violates unique constraint "email_idx"
The user trying to enroll has one or more secondary email addresses associated with their Active Directory account. One of these secondary email addresses may already be in use by a Consumer account in Encryption Management Server.
This can occur under the following circumstances:
This issue can also occur if the Active Directory record for the user who is trying to enroll has a primary email address in the proxyAddresses field that does not match the mail field (the email address in proxyAddresses that is listed with SMTP in capital letters is the primary email address).
proxyAddresses: notes:Steven Lastname/Staff/[email protected]
proxyAddresses: smtp:[email protected]
proxyAddresses: SMTP:[email protected]
proxyAddresses: smtp:[email protected]
mail: [email protected]
Note that in this example the mail field does not match the proxyAddresses entry that has SMTP capitalized.
proxyAddresses: notes:Steven Lastname/Staff/[email protected]
proxyAddresses: smtp:[email protected]
proxyAddresses: SMTP:Steven.Lastn[email protected]
proxyAddresses: smtp:[email protected]
mail: [email protected]
Note that in this example the mail field does match the proxyAddresses entry that has SMTP capitalized.
mail field are identical. Note that Encryption Management Server prior to release 3.4 does a case-sensitive comparison of email addresses, so in releases prior to 3.4 the email address in these two fields must use the same case. The validate_enroll script attached to article TECH228315 can be used to check the attributes of an Active Directory user.
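The comparison between the mail field and the primary proxyAddresses entry can also be checked from an attribute dump of the user. The following Python code is an added example, not the validate_enroll script from TECH228315 and not vendor code; the function names and the example.com sample records are constructed for illustration, and it assumes the attributes are available as "attribute: value" lines like the ones shown above.

```python
# Added example, not the validate_enroll script. Sample records are constructed.
SAMPLE_MISMATCH = """\
proxyAddresses: notes:Alex Sample/Staff/Example@EXAMPLE
proxyAddresses: smtp:asample@example.com
proxyAddresses: SMTP:Alex.Sample@example.com
proxyAddresses: smtp:alex@example.org
mail: asample@example.com
"""
# Same record, but mail differs from the primary address only by letter case.
SAMPLE_CASE_ONLY = SAMPLE_MISMATCH.replace(
    "mail: asample@example.com", "mail: alex.sample@example.com")


def parse_attributes(dump):
    """Return {lower-cased attribute name: [values]} from 'name: value' lines."""
    attrs = {}
    for line in dump.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def check_enrollment_addresses(dump, case_sensitive=True):
    """Compare mail with the primary (upper-case SMTP:) proxyAddresses entry.

    case_sensitive=True models releases prior to 3.4, which compare
    email addresses case-sensitively according to the article.
    """
    attrs = parse_attributes(dump)
    mail = attrs.get("mail", [None])[0]
    primary, secondary = [], []
    for entry in attrs.get("proxyaddresses", []):
        prefix, _, address = entry.partition(":")
        if prefix == "SMTP":               # capital letters: primary address
            primary.append(address)
        elif prefix.lower() == "smtp":     # secondary address
            secondary.append(address)      # other prefixes (notes:) are skipped
    norm = (lambda s: s) if case_sensitive else str.lower
    problems = ["mail %r does not match primary address %r" % (mail, p)
                for p in primary if mail is None or norm(mail) != norm(p)]
    return {"mail": mail, "primary": primary,
            "secondary": secondary, "problems": problems}


if __name__ == "__main__":
    for label, dump in (("mismatch", SAMPLE_MISMATCH), ("case only", SAMPLE_CASE_ONLY)):
        print(label, check_enrollment_addresses(dump))
```

The returned secondary list contains the addresses to look up in Encryption Management Server when checking whether one of them is already in use by a Consumer account.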