PGP Support Package for BlackBerry users cannot enroll with PGP Universal Server\Symantec Encryption Management Server (SEMS).

The Client log on SEMS contains warnings similar to the following, where YYYY/MM/DD is the date, domain is the Windows Domain name and username is the Windows username of the user trying to enroll:

YYYY/MM/DD 14:56:15 +01:00  WARN   pgp/client[8350]:     CLIENT-00029: ldap operation result: -7, Bad search filter

YYYY/MM/DD 14:56:15 +01:00  WARN   pgp/client[8350]:     CLIENT-00029: failed authentication for internal PGP Desktop 9.0.0.0 user domain\username from [10.9.8.7]

The PGP Support Package for BlackBerry user has entered their username as domain\username.  Using the backslash character causes the LDAP search carried out by SEMS on Active Directory to fail because it cannot find the user in Active Directory.

The PGP Support Package for BlackBerry user should enroll using username or [email protected] rather than domain\username.

Alternatively, instead of using Domain username/password enrolment configure the BES to use Email enrolment instead. This requires the user to enter their email address which can be easier for end users.

Applies To

PGP Universal Server 3.1 to 3.2.1

Symantec Encryption Management Server 3.3

PGP Support Package for BlackBerry with Domain username/password enrolment configured on the BES (BlackBerry Enterprise Server).