File Share Reencryption failing when using Group Keys as Group Admin Role


Article ID: 221518


Products

File Share Encryption, Encryption Management Server

Issue/Introduction

Symantec Encryption Desktop has a known behavior when Group Keys are used with the "Group Admin" role. The Group Admin role provides elevated permissions that allow encryption and decryption of protected folders.

While each protected folder can only have one user or group key with the Admin role, multiple Group Admins are supported.

When the File Share Group Key on Encryption Management Server is designated as Group Admin, re-encryption may fail with these error messages:

Folder authentication failed

Folder initialization failed

In the Encryption Desktop log, you see these errors:

File Share: Folder authentication failed

File Share: Folder initialization failed

The same error messages appear in the Client log of Encryption Management Server.

Environment

Symantec Encryption Management Server 10.5 MP1 and above.

Resolution

Symantec Enterprise Division is aware of this issue and is currently reviewing it. Please contact Symantec Encryption Support for more information.

A potential workaround is to first reencrypt the share without adding users, and then reencrypt the share and add the users.

Another workaround is to designate one group key as type Admin and the other group keys as type User; in other words, stop using the Group Admin type. This may involve increasing the number of users in the group that has Admin permissions.

Additional Information

EPG-24286
