Symantec Encryption Server 3.3.0 - Resolved Issues

book

Article ID: 158192

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

This article details a list of resolved issues in Symantec Encryption Server 3.3.0 including all Maintenance Packs (MP).

 

Resolution

Symantec Encryption Management Server 3.3.0 MP3: Resolved Issues

Security

  • Resolved the CVE vulnerability (CVE-2003-1418) with the Apache Web server. [3113829]
  • Resolved the CVE vulnerability (CVE-2012-3499) with Symantec Encryption Management Server by no longer loading the mod_status module. [3142514]
     

Administrative Interface

  • Resolved an issue with Symantec Encryption Management Server for System>General Settings, under Server Information, so that the Set System Time dialog now initializes the “Time Zone” to null and no longer provides a default value for “Use NTP Server.” [3111318]
  • Resolved an issue with Symantec Encryption Management Server so that daily emails are now sent when the administrator selects the “Send Daily Status Email” option. [3133221]
  • Resolved an issue with Symantec Encryption Management Server so that following a PUP update, the Log drop-down list on the Reporting>Logs page includes the entry “Clustering SSL.” [3212955]
     

Symantec Encryption Web Email Protection

  • Resolved an issue with Symantec Encryption Web Email Protection so that an email reply now correctly handles whitespace between the name and email address or special characters in the email address. [2727421, 3156508]
  • Fixed an issue with Symantec Encryption Web Email Protection so that custom templates work consistently. [3113087]
     

Symantec Encryption Desktop

  • Resolved an issue so that a corrupt-data message is no longer written to the Symantec Encryption Desktop log file. This message was triggered when drive encryption was paused and the user restarted the computer. Then the user authenticated at the PGP BootGuard login screen using a WDRT, created a new password in Windows, and updated the policy from the PGP Tray icon. [2732874]
  • Resolved an issue with Symantec Encryption Desktop so that when PGP Zip is disabled by policy, it is not listed in the Windows New Document context menu. [3063580]
  • Resolved an issue with Symantec Drive Encryption for Mac OS X where client computer identification information (for example, hostname) was not being sent consistently to the Symantec Encryption Management Server. [3083851]
  • Resolved an issue with Symantec Encryption Desktop where a missing UUID registry entry on a client computer is now properly handled: for computers already encrypted with Symantec Drive Encryption, persistent entries are written to the client and server logs; for unencrypted computers, encryption is prevented. [3084742]
  • Resolved an issue with Symantec Encryption Management Server so that the licensee count increases each time a Symantec Encryption Desktop client enrolls. [3118293]
  • Resolved an issue with Symantec Encryption Management Server so that when you click “Refresh Groups” from Symantec File Share Encryption on a managed client, for a protected folder, the client checks with the server and notifies you if a group has changed and instructs you to re-encrypt the folder. [3149727]
  • Resolved an issue with Symantec Encryption Desktop so that super silent enrollment with cached credentials now works. [3195159]
     

Keys and Certificates

  • Resolved an issue with Symantec Encryption Management Server when performing certificate path validation in the case where multiple X.509 CA certificates with identical names are present. [2476060]
  • You can now successfully change the user key mode for an existing key from SKM to GKM for Windows clients. [3207580]
  • Resolved an issue with the Symantec Encryption Management Server so that when an additional decryption key (ADK) is used, client enrollment is successful and the ADK is added to the keyring on the clients. [3177851]
  • Resolved an issue with Symantec Encryption Management Server where adding an ADK to a Consumer Policy now saves the ADK on the server and downloads it to the user’s keyring when a Symantec Encryption Desktop client enrolls. [3179440]
     

 

Symantec Encryption Management Server 3.3.0 MP2: Resolved Issues

Compatibility with Mac OS X 10.8.4
This release supports the installation of Symantec Desktop Encryption on systems running Mac OS X 10.8.4.

Compatibility with Microsoft Outlook 2013
Symantec Encryption Desktop 10.3 MP2 for Windows supports the use of the Symantec™ Desktop Email Encryption, Powered by PGP Technology component for Microsoft Outlook 2013 (32-bit) with Windows 8 and Exchange 2010.

Compatibility with New Linux Packages
This release supports the installation of Symantec Drive Encryption for Linux on Ubuntu 12.04 LTS (32-bit and 64-bit versions) and Red Hat Enterprise Linux/CentOS 5.9, 6.3, and 6.4 (32-bit and 64-bit versions).

Security

  • Resolved the CVE vulnerabilities (CVE-2008-2937, CVE-2011-0411) with Postfix. [3179859]
  • Resolved the CVE vulnerability (CVE-2012-4929). [3179869]
  • Resolved a possible cross-site scripting vulnerability due to a misflagged cookie. [3179875]
  • Removed a possible cross-site scripting vulnerability in Symantec Web Email Protection. [3183716]
  • Resolved a potential cross-site scripting (XSS) vulnerability with Symantec Encryption Management Server. [3183721, 3185990]
     

Administrative Interface

  • Information about what version of Windows a client is installed on now appears on the Devices page. [3106363]
  • The Web Messenger log has been renamed to the Web Email Protection log to reflect product rebranding. [3178670]
  • Resolved the issue with Symantec Encryption Management Server management console so that when the ‘Delete All Matching’ option is selected, only machines that qualify are deleted, not all of the machines. [3178815]
  • Resolved an issue that prevented successful keyserver searches. [3179523]
  • The Symantec Drive Encryption Activity report now shows the correct number of entries for users with more than one device, with no missing or duplicated entries. [3179889]
  • Resolved an issue with Symantec Encryption Management Server so that the nightly SCAN operation no longer generates exception stack traces when updating or inserting due to a database foreign key constraint violation. All user data are now replicated to the other cluster members. [3198384]
     

Messaging

  • Resolved an issue so that when the Mail Policy is set to bounce an email when suitable key is not found, the Notifier displays the "Email blocked to all recipients" message and the Non Delivery Report (NDR) contains the "Your message did not reach any of the intended recipients" message. [3178978]
  • Resolved an issue with Symantec Encryption Management Server where inbound TLS sessions would occasionally fail with a protocol error. This caused incoming mail to be queued on the sending mail server, resulting in a delivery delay. [3179437]
     

Upgrade and Migration

  • Resolved an issue that caused errors to appear when upgrading from Symantec Encryption Management Server 3.2.1 MP3. [3178746]
  • Migration errors no longer occur when upgrading from PGP Universal Server 3.2 MP5. [3178951]
  • Duplicate preferences settings are now removed at upgrade. [3179069]
  • Migration no longer causes missing preferences. [3179086]
     

Symantec Encryption Web Email Protection

  • Resolved an issue where case sensitivity with respect to the recipient’s email address caused the recipient to be unable to access Symantec Web Email Protection messages. [3178717]
  • The First, Previous, Next, and Last buttons now work as expected in the Symantec Web Email Protector mailbox interface. [3178724]
  • Symantec Web Email Protection now correctly requires both the user's email address and passphrase to log in. [3178778]
  • Resolved an issue with Symantec Encryption Management Server so that complete customization of Symantec Web Email Protection now allows a customer to change all references to the product name. [3178797]
     

Symantec Encryption Desktop

  • You can now use the pgpusermanager.py script to exclude from deletion users who have not checked in to the Symantec Encryption Management Server. [3118320]
  • Resolved an issue with Symantec Drive Encryption where user re-enrollment was incorrectly generating a -12000 error under some conditions. [3136792]
  • Resolved an issue where key searches through USP did not return user keys if the user's group is associated with the Excluded consumer policy, even if the Excluded policy is not the effective policy. Now user keys are only not returned if the consumer policy in effect is the Excluded policy. [3178779]
  • Resolved the issue with Symantec Encryption Desktop so that disabling the Microsoft Outlook 2010 “Skip Signature Check” button no longer produces an error. [3178987]
  • Resolved the issue so that 9.x and 10.0.x clients no longer display an error about a missing license when Symantec Encryption Management Server has been updated to version 3.3 MP2. If, after updating, the error is still there, navigate to the license and click the Use Default button. Then stop and restart services. [3179491]
     

Keys and Certificates

  • Resolved an issue so that the X.509 certificates generated by Symantec Encryption Managements Server include the Key Agreement value in the Key Usage properties. [3179063]
  • Resolved an issue so that Root Certificates imported to PGP Universal Server 3.2 can be used to establish TLS negotiations after upgrading. [3179077]
  • You can now successfully change user keys from SKM to GKM for Mac OS X clients. [3207575]
     

 

Symantec Encryption Management Server 3.3.0 MP1: Resolved Issues

Messaging

  • Resolved the issue where the Symantec Encryption Management Server used inconsistent domain names in messages to external users. For more information, contact Support and request assistance with the Symantec Knowledgebase article TECH201490 [2837777]
     

Clustering

  • Resolved an issue where an unreachable DNS caused clusters to fail and be unable to recover. [2887115]
  • Resolved an issue where changing a user's primary email address caused the user to disappear from the cluster. [3017067]
     

Administrative Interface

  • Resolved an issue where Symantec Encryption Management Server used an incorrect domain name for user names with colons. [2851687]
  • Symantec Encryption Management Server now correctly reports client IP addresses when using X- Forwarded-For headers with a Cisco ACE appliance. [2885549]
  • You can now sort users on the Groups page by Name, Username, User Type and Email Address. [2858703]
  • On the Clustering page, hovering over the icon that shows Web Email Protection enabled now displays correct text. [3012260]
     

PGP Keys

  • Resolved an issue where Symantec Encryption Management Server did not provide a useful error message in the logs when user keys cannot imported because there is no email address specified. [2780110]
  • X.509 key lookups now function successfully for email addresses with fewer than 25 characters. [2986307]
  • When Symantec Encryption Management Server cannot find a key on an X.509 keyserver, the failure no longer causes that keyserver to be marked as down. [2986357]
     

Symantec Encryption Web Email Protection

  • Resolved an issue so that the Symantec Web Email Protection accounts are deleted based on the Inactivity Expiration value specified in Symantec Encryption Management Server. [2837496]
  • Resolved an issue so that users can log in to Symantec Web Email Protection after the Symantec Encryption Management Server is upgraded. [2860242]
  • Messages sent via Certified Delivery now contain the Message ID and Date Header. [2886746]
  • Manually sent Daily Status Emails display correctly in Web Email Protection. [2963029]
     

Upgrading

  • Upgrading no longer causes the creation of duplicate Consumer Policy values. [2623554]
  • Automatic backups no longer occur while software updates are in progress. [2811479]
     

Symantec Drive Encryption

  • Resolved an issue where viewing WDRTs caused crashing due to migration errors. If WDRTs are not viewable after migration, examine the log files for error messages, and contact Symantec Support to resolve the migration errors. [2866688]
     

Symantec Encryption Desktop

  • Resolved an issue that caused searches for external users' keys to fail within Symantec Encryption Desktop. [2745817]
  • Symantec Encryption Desktop can now be configured to automatically abort the connection instead of alerting the end user when there is a problem with the Symantec Encryption Management Server certificate. To enable this new behavior, contact Symantec Support. [2971509]
     

 

Symantec Encryption Management Server 3.3.0: Resolved Issues

This article details a list of resolved issues in Symantec Encryption Management Server 3.3.0. 

 

General

  • Resolved the CVE vulnerability (CVE-2012-0053) where a flaw was found in the default error response for status code 400, which could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument was specified. [2698036]
  • Updated CentOS to fix security vulnerabilities found in the previous version. [2917800]
  • Resolved the issue so that the user is logged in to the administrative interface and the Overview page is displayed as expected. [2822619]
  • Resolved the issue so that a Java exception no longer occurs for administrative users who do not have a mail address set up but who are configured to receive daily status emails. [2824569]
  • Dashboard Policy Group Membership summary no longer uses template data when group display limit reached. [2822615]
     

Deployment

  • Resolved an issue so that an administrator with Basic Administrator privileges was able to create external users. [2894619]
  • Updated Basic Administrator roles so that these accounts can now delete, update, and modify users and groups. [2824601]
  • Searching for internal users by their secondary email addresses can be enabled. To enable the feature, contact Symantec Support. [2704363]
  • Updated the Symantec Encryption Management Server Installation Guide to provide a better explanation about configuring multiple mail servers in a clustered environment. [2645159]
  • Resolved an issue so that administrators can successfully log into the Symantec Encryption Management Server console when the number of users exceeds 120,000. [2684254]
  • Turning on LDAP customization for Active Directory and debug logging no longer shows any error message. [2771162]
  • Resolved the issue so that changing the Symantec Encryption Management Server host name using the administrative interface never updated the host name on the client email policy. [2824567]
  • Checking or unchecking the Consumer Policy checkbox now updates the client preferences file (prefs.xml) as expected. [2824620]
  • Resolved the issue that caused duplicate entries on the Directory Synchronization page. [2896697]
     

PGP Keys

  • Problems with key data no longer cause exceptions after upgrade and data restoration. [2824534]
  • Symantec Encryption Management Server now supports the T.61 character set for the commonName attribute on imported X.509 certificates. [2818776]
  • Resolved an issue so that both the .p12 files are exported successfully without file corruption when a common certificate is exported in a zipped folder. [2475664]
  • Resolved an issue with the encoding of email addresses present in SKM certificates to improve third-party compatibility. [2732760]
  • Resolved an issue so that Symantec Encryption Management Server displays all Active Directory groups available in an LDAP directory when generating AD Group Keys. [2823571]
     

PGP Messaging

  • Resolved a discrepancy in the product documentation that stated that S/MIME messages are not encrypted to the ADK. S/MIME messages are encrypted to the ADK if the ADK has a valid S/MIME encryption certificate. [2470657]
  • Resolved the issue so that Symantec Encryption Management Server successfully communicates with an IBM Lotus Domino server using a secured SMTP session using TLS. [2767570]
  • Resolved an issue in the product documentation so that the Symantec Encryption Management Server Administration guide now states that if a message is forced into RTF format by Exchange before it is sent, the receiving Symantec Encryption Management Server cannot add annotation. [2735294]
  • Resolved the issue so that a large number of emails in the mail queue no longer cause the mail proxy to fail with an out of memory SQL error on the Symantec Encryption Management Server. [2824531]
  • Resolved the issue with consumer policy so that Microsoft Outlook users now see only one copy of a sent email in their Sent Items folder. [2824614]
  • Resolved an issue so that a user can send emails successfully using Lotus Notes after the private key is updated with new user IDs. [2897066]
     

PGP Portable

  • Resolved an issue so that the PGP Portable Creator screen appears as expected when the hidden pref portableForceRemovableEncryption is used. [2805171]
     

Symantec Drive Encryption

  • Resolved an issue so that the Force maximum CPU usage consumer policy setting in Symantec Drive Encryption is now correctly enabled. [2801492]
  • Resolved an issue so that an Administrator from the WDE-Admin Group can add a Symantec Drive Encryption boot bypass on Microsoft Windows XP computers. [2620353]
  • Devices no longer appear to have multiple Disk IDs in Symantec Drive Encryption when WDRTs do not replicate completely across a cluster. [2972133]
  • Resolved an issue in Symantec Encryption Management Server so that users who are not super users cannot create nor change WDE Administrator passphrases. [2748699]
  • Resolved an issue where automatic disk encryption failed after the installation of the Symantec Drive Encryption with embedded policy. [2726532/2590583]
  • Resolved the issue so that inserted removable devices are write-protected if the user fails to select an option from the encryption dialog box within 120 seconds or when Symantec Encryption Management Server is not reachable. [2862478]
  • Resolved the issue with Symantec Encryption Desktop so that invisible silent enrollment no longer fails if the user and system are in a different Active Directory Forest. [2768517]
  • Resolved the issue with Symantec Drive Encryption so that users can no longer pause encryption or decryption when this option is disabled by Symantec Encryption Management Server policy." [2824553] 
  • Resolved the issue so that using the registry entry to disable single sign-on for Symantec Drive Encryption now works as expected (this entry is described in the article HOW TO: Disable the PGP Single Sign-On auto-login feature). [2817096]
  • Resolved the issue that listed the administrator in the logs for all instances when a WDRT is used, and not the actual user who requested it. [2824547]
  • You can now sort alphabetically by OS or client tabs in WDE computers, as well as by string fields. [2824551, 2824560]
  • Resolved an issue so that the WDE Activity report lists all the users on the machine if there are more than 1000 users/devices/machines. [2963260]
     

Symantec Encryption Desktop

  • The default keyserver value keys.$ADDRESS_Domain no longer causes error messages in the Client log, and the communication between Symantec Encryption Desktop Client and Symantec Encryption Management Server is successful. [2803625]
  • Resolved an issue so that the PGP Desktop 10.2 MP2 clients can successfully enroll to the Symantec Encryption Management Server after the server is upgraded to version 3.3. [2617930]
  • Resolved the issue so that the Windows domain name is now transmitted with the user’s user name when enrolling. [2824580]
     

Symantec Encryption PDF Email Protection

  • Resolved the issue so that PDF files created by Symantec Encryption PDF Email Protection can now be opened on BlackBerry devices. The encryption algorithm supported is AES-256. [2824639]
     

Symantec Web Email Protection

  • Resolved an issue in PDF Messenger where creating messages containing certain invalid characters failed with an error. [2961947]
  • Resolved an issue so that the Symantec Web Email Protection accounts are deleted based on the Inactivity Expiration value specified in Symantec Encryption Management Server. [2883452]
  • Resolved an issue so that clicking the Symantec Web Email Protection passphrase recovery mail link now appropriately opens the Create Your Passphrase page. [2820180]
  • Resolved an issue so that clicking the Symantec Web Email Protection passphrase recovery link now appropriately opens the Password Reset page. [2815076]
  • Resolved an issue so that users no longer see an error message when they click the browser back button after opening a Symantec Web Email Protection email message. [2733490]
  • Resolved an issue so that an error message is logged in the mail log when a message template that is not RFC-compliant is used to send an email using Symantec Web Email Protection. [2673600]
  • Resolved an issue where the Delete button was not deleting selected Sent items. [2696728]
  • Resolved an issue so that external users cannot reset their Symantec Web Email Protection account password if the account is locked. [2687941]
  • Resolved an issue so that Symantec Web Email Protection successfully displays RFC-compliant messages with Content-Type as TEXT/PLAIN or text/plain. [2649121]
  • The navigation buttons (First, Previous, Next, Last) now work correctly on the Sent mails page in Symantec Web Email Protection. [2745757]
  • Resolved the issue where users may have encountered an Error 404 when trying to access the login page if you created simple customizations for Symantec Web Email Protection. [2761139]
  • Resolved the issue so that when users click on the link received in a Symantec Web Email Protection notification message, users are now prompted to enter only their passphrase. [2822624]
  • Resolved the issue so that when a user sends email containing an attachment using Symantec Web Email Protection, a copy of the sent email now appears under Sent Items. [2824606]
  • Resolved the issue so that a Symantec Web Email Protection user who has used more than 2 GB of space (even if that is less that the allotted amount) no longer receives an error message when logging in. [2824616]
  • Resolved the issue so that the Symantec “Norton Secured” seal now appears once in the Symantec Web Email Protection browser. [2824655]
  • Resolved the issue so that Symantec Web Email Protection message content is intact after replication across a cluster. [2826042]
  • Resolved the issue so that the deletion of Symantec Web Email Protection messages properly replicates throughout the cluster. [2826061]
  • Resolved the issue that prevented Microsoft Outlook 2010 .isc invitation files from being properly displayed by Symantec Web Email Protection. [2896698]
  • Resolved an issue so that executable files that are considered unsafe by Microsoft do not get corrupted when an external user downloads them from Symantec Web Email Protection. [2839421]
  • Resolved an issue where the first encrypted PDF with Secure Reply enabled would not arrive if sent to a new external user when “Require Sender Authorization” is set in consumer policy. [2876407]
  • Resolved an issue so that inline attachments now display correctly in Symantec Web Email Protection messages sent to external recipients. [2893308]