When the PGP policy is not set to force encryption, new users who enroll on a machine are not automatically added to the whole disk encryption(WDE) disk user list. This means the affected users cannot authenticate through bootguard.
PGP development has reported that the product was intentionally written this way.
Use force encryption in policy or implement a procedure to add the user to the WDE disk users list via pgpwde commands on command line or via scripting.
A request has been submitted to change this behavior so all enrolling users are added to the WDE disk user list, regardless of policy. As of PGP Desktop version 10.2.1MP5 this request is still under evaluation.