
Encryption Desktop clients are not updated with a renewed Encryption Management Server Organization Key


Article ID: 162960


Products

Desktop Email Encryption, Drive Encryption, Encryption Management Server, File Share Encryption Powered by PGP Technology

Issue/Introduction

If an Encryption Management Server Organization Key is renewed rather than replaced, clients running Drive Encryption or Email Encryption do not download the renewed Organization Key.

The keyring on the clients will show an expired Organization Key.

Cause

When an Organization Key is renewed, the public Organization Key is not added to the orgKeyBlock section of the PGPprefs.xml policy file on the clients.

Environment

Encryption Management Server 3.3 and above.

Resolution

This issue is resolved in Encryption Management Server 3.3.2 MP12. Beginning with this release, if the Organization Key is renewed, it is added to the orgKeyBlock section of the policy preferences on the server and from there to the PGPprefs.xml policy file on the clients.

However, in some environments there is no orgKeyBlock setting in the server policy. To check, do the following:

  1. From the administration console, click on the name of a Consumer Policy.
  2. Click on the Edit button next to the General option.
  3. Click on the Edit Preferences button.
  4. Search for OrgKeyBlock in the list of policy preferences. It is usually easier to copy and paste the full list into Microsoft WordPad or similar and search from there.
  5. If OrgKeyBlock does not exist, please contact Symantec Technical Support.