When creating a PGP Zip file using Encryption Desktop, you search Encryption Management Server for an Active Directory group name.

If Encryption Management Server is configured to use Directory Synchronization and is pointing to a Windows domain controller, it searches the domain controller for the name of the group.

Active Directory users that are members of the group or any nested groups will be retrieved by the search so long as they are registered as Internal Users in Encryption Management Server and have a valid PGP key.

However, if the group contains nested groups, an application fault will usually occur when you try to add the top level group to the PGP Zip file.

Events are logged to the Windows Application Log with Event ID 1000 and one or both of the following descriptions:

Faulting application name: PGPmnApp.exe, version: 10.4.2.502

Faulting application name: PGPdesk.exe, version: 10.4.2.502

In addition, an error message may appear containing the following text where N is an 8 digit numeric value:

PGPLoadStringW Could not find ID N

• Symantec Encryption Desktop 10.3.2 MP13, 10.4.2, 10.4.2 MP1, 10.4.2 MP2, 10.4.2 MP3 or 10.4.2 MP4.
• Symantec Encryption Management Server 3.3.2 MP13, 3.4.2, 3.4.2 MP1, 3.4.2 MP2, 3.4.2 MP3 or 3.4.2 MP4.

Upgrade to Encryption Management Server 3.4.2 MP5 or above and Encryption Desktop 10.4.2 MP5 or above.

If you cannot upgrade, you can do the following to workaround this issue:

1. Click on the Add button to search for users to add to the PGP Zip file but do not select any users, just click the OK button to return to the previous step.
2. Click the Add button again and this time search for the Active Directory group on Encryption Management Server and select the group. The users that are part of the group or any nested groups and are registered as internal users in Encryption Management Server will be added successfully to the PGP Zip file.