Unable to import public or private keys to the PGP Encryption Management Server with error item not found (Symantec Encryption Management Server)


Article ID: 218567


Products

PGP Command Line, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP Encryption Suite, PGP SDK, Desktop Email Encryption, Drive Encryption, Encryption Management Server, Endpoint Encryption, File Share Encryption, Gateway Email Encryption

Issue/Introduction

The PGP Encryption Server (Symantec Encryption Management Server, SEMS) manages PGP keys as well as S/MIME certificates. When you attempt to import a key on the Internal Users page, the import may fail with the error "item not found".


With debug logging enabled on SEMS, the following is recorded for the failed import:

Couldn't import user "User 1 <user1@example.com>" (KeyID: 0x1234ABCD): item not found
ldap directory: DomainDC, failed to get dn from email: user1@example.com
ldap server: ldap://domainDC.example.com:636, ldap object is not found for the search filter (|(mail=user1@example.com)(proxyAddress=SMTP:user1@example.com))

Cause

When Directory Synchronization is enabled on the PGP Encryption Server, the server performs a directory lookup for the email address on every key imported into Internal Users. If no matching user is found in the directory, the key is not imported.

The other possible cause is that the email domain on the key being imported does not match any of the Managed Domains configured on the PGP Server.

Resolution

Before importing a key into Internal Users, make sure the user exists in the LDAP directory (Active Directory or OpenLDAP) so that the server can resolve the key's email address to a directory object.

In the log above, user1@example.com did not exist in Active Directory, so the lookup returned nothing and the import failed with "item not found".

The server also compares the domain of the key's email address against the Managed Domains configured on SEMS. If example.com is not a managed domain, the key will not import into Internal Users.

Check the user's LDAP attributes and confirm that the address on the key is present either in the mail attribute or as the primary SMTP proxy address, matching the search filter in the log (in this case proxyAddress=SMTP:user1@example.com; in Active Directory the multi-valued attribute is named proxyAddresses, and the uppercase SMTP: prefix marks the primary address). Once the address is populated, the key should import successfully.

Note: Public keys for users outside your managed domains should be imported under the External Users section of SEMS; no directory lookup is performed there, so the key should import. This condition applies only when importing keys into the "Internal Users" list on SEMS.
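The following preflight script is an added illustration for this article, not Symantec/Broadcom code. It replays the two checks described above before you touch the Internal Users page: the key's email domain must be a Managed Domain, and the directory lookup with the filter seen in the debug log, (|(mail=<addr>)(proxyAddress=SMTP:<addr>)), must return exactly one object. The in-memory directory and its entries are constructed sample data, and sample_search stands in for an ldapsearch against the real domain controller; the function names are this example's own. Because the user ID on a key is text chosen by whoever created the key, the example escapes it per RFC 4515 before splicing it into the filter.

```python
"""Preflight for importing a PGP key into SEMS Internal Users.

Added example (not Symantec/Broadcom code). Replays the checks the article
attributes to the server:
  1. the e-mail domain on the key must be one of the Managed Domains;
  2. the lookup filter seen in the debug log must find one directory object.
SAMPLE_DIRECTORY is constructed data; `search` stands in for ldapsearch.
"""
import re
from typing import Callable, List, Tuple

# Trailing "<address>" of an OpenPGP user ID such as "User 1 <user1@example.com>".
_UID_EMAIL = re.compile(r"<([^<>\s]+@[^<>\s]+)>\s*$")

# RFC 4515 escaping: a user ID is attacker-chosen text, so never splice it
# into a filter unescaped (a crafted UID could otherwise widen the search).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def email_from_uid(uid: str) -> str:
    """Return the e-mail address inside an OpenPGP user ID, or '' if absent."""
    m = _UID_EMAIL.search(uid)
    return m.group(1) if m else ""


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_lookup_filter(email: str) -> str:
    """Reproduce the filter the debug log shows the server using."""
    e = escape_filter_value(email)
    return f"(|(mail={e})(proxyAddress=SMTP:{e}))"


def preflight(uid: str, managed_domains: List[str],
              search: Callable[[str], List[str]]) -> Tuple[bool, str]:
    """Report whether an Internal Users import of this key would resolve.

    `search` takes an LDAP filter string and returns the matching DNs.
    """
    email = email_from_uid(uid)
    if not email:
        return False, f"user ID {uid!r} carries no e-mail address"
    domain = email.rsplit("@", 1)[1].lower()
    if domain not in {d.lower() for d in managed_domains}:
        return False, (f"domain {domain} is not a Managed Domain; "
                       "import the key under External Users instead")
    ldap_filter = build_lookup_filter(email)
    dns = search(ldap_filter)
    if not dns:
        return False, f"item not found: no object matches {ldap_filter}"
    if len(dns) > 1:
        return False, f"ambiguous: {len(dns)} objects match {ldap_filter}"
    return True, f"resolved to {dns[0]}"


# ---- constructed sample directory standing in for Active Directory ----
SAMPLE_DIRECTORY: List[dict] = [
    {"dn": "CN=User 2,OU=Users,DC=example,DC=com",
     "mail": "user2@example.com",
     "proxyAddresses": ["SMTP:user2@example.com", "smtp:u2@example.com"]},
    {"dn": "CN=User 3,OU=Users,DC=example,DC=com",
     "mail": "",  # mail unset; only the primary SMTP proxy address is present
     "proxyAddresses": ["SMTP:user3@example.com"]},
]

_FILTER_SHAPE = re.compile(r"^\(\|\(mail=(.+)\)\(proxyAddress=SMTP:(.+)\)\)$")


def sample_search(ldap_filter: str) -> List[str]:
    """Evaluate the lookup filter against SAMPLE_DIRECTORY.

    Matching is case-insensitive, as it is for AD string attributes.
    Replace this with a real ldapsearch against the domain controller.
    """
    m = _FILTER_SHAPE.match(ldap_filter)
    if not m:
        raise ValueError("unexpected filter shape: " + ldap_filter)
    addr = m.group(1).lower()
    hits = []
    for entry in SAMPLE_DIRECTORY:
        proxies = [p.lower() for p in entry["proxyAddresses"]]
        if entry["mail"].lower() == addr or "smtp:" + addr in proxies:
            hits.append(entry["dn"])
    return hits


if __name__ == "__main__":
    for uid in ("User 1 <user1@example.com>", "User 2 <user2@example.com>",
                "Partner <partner@partner.example>"):
        print(uid, "->", preflight(uid, ["example.com"], sample_search))
```

Running the script reproduces the article's failure for User 1 (no directory object, so "item not found"), a successful resolution for User 2, and the Managed Domains rejection for the partner key, which is the case to send to External Users instead. Against a live directory, paste the string from build_lookup_filter into ldapsearch with the same base DN the SEMS directory synchronization uses.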

If you need any further assistance on troubleshooting importation of keys, feel free to reach out to Symantec Encryption Support and we will be happy to assist.

Additional Information

EPG-25054
EPG-25075
EPG-25279