User having two keys on Symantec Encryption Management Server (SEMS) receive an error message during policy update.
"PGP Key is not Valid" or "PGP Key is expired"
PGP Support for Blackberry and Blackberry Enterprise Server (BES) don't have any ability to choose the primary key on the server. Therefore users will get sometimes the second key during policy update. Having two keys on SEMS is not supported, because only the primary key should be used for signing and encrypting email.
Symantec will not provide any solution on this issue. Symantec provides following Workaround:
Please delete the second key from the server. If the user has Symantec Encryption Desktop (SED), the key can be imported to SED for en-/decrypting emails.
Please make sure that you have a backup of the deleted key, just in case the users has problems with their machine.
Symantec Encryption Management Server
PGP Support Package for Blackberry