Use Symantec Encryption Desktop with Microsoft Windows Server 2016 Remote Desktop Services
search cancel

Use Symantec Encryption Desktop with Microsoft Windows Server 2016 Remote Desktop Services


Article ID: 179404


Updated On:


Symantec Products


Use Symantec Encryption Desktop with Microsoft Windows Server 2016 Remote Desktop Services


The Symantec Encryption Desktop 10.4.2 Maintenance Pack 4 (MP4) release supports installation of the 64-bit version of Symantec Encryption Desktop 10.4.2 MP4 for Windows on Remote Desktop Services (RDS) on-premise platform in Microsoft Windows Server 2016 (64-bit). Also, Internet Explorer 11 is the supported browser to use the RDS Web Access URL.

Important Note: Symantec has included some improvements and recommends using Symantec Encryption Desktop 10.5 MP1 for best results.

To use Symantec Encryption Desktop with Remote Desktop Services

  1. Install Remote Desktop Services with Session-based desktop deployment.
  2. On the Remote Desktop Session Host (RDSH), open the Command Prompt with elevated privileges and make the installation directory the working directory.
  3. Execute the following command to install or upgrade the 64-bit version of Symantec Encryption Desktop with Symantec Drive Encryption (WDE) and Single Sign-On (SSO) disabled:
    msiexec /i PGPDesktop64_en-US.msi PGP_INSTALL_WDE=0 PGP_INSTALL_SSO=0
  4. Note: Ensure that the WDE and SSO are disabled. 
  5. Restart RDSH.
  6. Navigate to C:\Program Files (x86)\PGP Corporation\PGP Desktop and publish the following apps:
  • PGPDesk.exe
  • PGPTray.exe
  • PGPViewer.exe
  1. On a client computer, open Internet Explorer 11 and log in using the RDS Web Access URL.
  2. Double-click the PGPDesk.exe.
    Note: If you use PGP Messaging to encrypt and decrypt email message, ensure the consumer policy pref "blockMailIfInitFailed" is set to “false” for a new user before the user enrollment. For more details, see the workaround in the known issues section below.
  3. Complete the user enrollment process using the Symantec Enrollment Assistant wizard.
    Note: The PGPTray and the PGP services do not start automatically when the RDSH is restarted, or when a user connects to RDS after logging off from RDS. To start the PGPTray and the PGP services, users must run the PGPDesk.exe file. Click the lock icon and click Open PGP Viewer or any other option to verify the installation

Known issues

New users cannot send encrypted emails

When first time users of PGP Messaging send an encrypted email message, an error message is displayed, and the email is not sent. To work around this issue, perform the following steps before the user enrollment process:

  1. Open Symantec Encryption Management Server management console.
  2. Click Consumers > Consumer Policy.
  3. Click on the name of the policy to edit.
  4. Click Edit > Edit Preferences.
  5. Add the following setting:
  • Pref Name: blockMailIfInitFailed
  • Type: Boolean
  • Value: False
  1. Click Save.

Virtual disk support

  • NTFS-formatted virtual disks are not supported.
  • Virtual disks cannot be mounted as a drive letter. Virtual disks need to be mounted in a folder.


Important Note: See article 190223 for more scenarios related to the PGP plugin and messaging service where mail may not be encrypting properly.

Additional Information

Etrack: 4256424

200696 - Symantec Encryption Services - Add Symantec Encryption programs to safe list or exclusions in security software

157763 - Enrollment Prompt appears in Virtual Environments - VI / VMware View Persona Management / Dell Wyse vWorkspace and Symantec Encryption Desktop

162217 - Delays when opening RDP Connections or Outlook via Dell vWorkspace when Symantec FileShare Encryption is installed