If there is unusual behavior with Symantec Encryption Desktop (PGP Desktop) or the software is not working correctly, sometimes the easiest solution is to re-enroll the client to PGP Server.
Issues that re-enrollment can address:
The enrollment is the process of registering the PGP client with Symantec Encryption Management Server (PGP Server). After a PGP client is registered with the PGP server, it receives policy updates from the server, updates logs to the server, and can lookup PGP keys on the server.
This article covers Windows clients. For Mac clients, see Re-enrolling Encryption Desktop for Mac OS X clients.
Symantec Encryption Desktop 10.5 and later.
For example, if you right click on the PGP Tray applet from the notification area of the Windows taskbar, choose Update Policy and get an error, even though you are connected to the internal network, it may help to re-enroll the client.
To re-enroll the Encryption Desktop client, follow these steps:
Restricting Users from Enrolling to the PGP Encryption Server
The main reason for enrollment is to prove to the PGP Encryption Server that you are a valid user.
If you are unable to provide credentials that will authenticate you as a valid domain user the enrollment will fail.
If you would like to restrict users from enrolling, you can do so by specifying conditions in the Groups, such as the "Excluded Group".
If you would like to restrict users from enrolling, and you do not have LDAP Enrollment enabled, you can use dictionaries or using even a specific domain to match the Excluded Group.
Users matching the excluded group will not be able to enroll.
Only the managed domains listed on the PGP Encryption Server will be allowed to enroll.
If you have a domain you wish to restrict, simply make sure it's not included in the Managed Domains list on the PGP Encryption Server.
Issues that can be assisted with Re-enrollment:
*Messaging enabled even though the policy shows disabled.