Symantec Encryption Management Server (SEMS) can manage PGP keys as well as S/MIME certificates. When attempting to import a key to the server on the Internal Users page, you may receive the error "item not found".
Upon enabling debug mode for the SEMS logging, the following information is recorded:
Couldn't import user "Bobby <[email protected]>" (KeyID: 0x1234ABCD): item not found
ldap directory: DomainDC, failed to get dn from email: [email protected]
ldap server: ldap://domainDC.domain.dom:636, ldap object is not found for the search filter (|([email protected])(proxyAddress=SMTP:[email protected]))
This happens because, when Directory Synchronization is enabled on SEMS, the server performs a user lookup for each key that you import. If the user is not found in the directory, the key will not import.
The other possible cause is that the key you are importing has a domain that does not match the list of Managed Domains on SEMS.
In order to import a key, ensure the user exists in the LDAP Directory (Active Directory or OpenLDAP Directory) so that when the key is imported, the user can be resolved.
For example, for the logs shown above, "[email protected]" was not part of Active Directory, so the user could not be found and "authenticated".
In addition to the above, SEMS will compare the domain of the key you are trying to import to the Managed Domains on the SEMS. If "bobby.dom" is not part of the managed domains, the key will not import.
Check the LDAP attributes for the user and ensure the proper proxyAddress value is populated for the account; the key should then import successfully. In this case, "proxyAddress=SMTP:[email protected]".
Note: If you are importing public keys for a different domain, import them in the External Users section of SEMS. The directory lookup does not occur there, and the key should import. This condition is only applicable when importing keys to the "Internal Users" list on SEMS.
If you need any further assistance on troubleshooting importation of keys, feel free to reach out to Symantec Encryption Support and we will be happy to assist.