File Share Reencryption failing when using Group Keys as Group Admin Role

Article ID: 221518

Products

File Share Encryption, Encryption Management Server

Issue/Introduction

Symantec Encryption Desktop has a known behavior when you are using Group Keys as the "Group Admin" role. The Group Admin role provides elevated permissions to allow encryption/decryption of protected folders.

While each protected folder can only have one user or group key with the Admin role, multiple Group Admins are supported.

When the File Share Group Key on Encryption Management Server is designated as Group Admin, re-encryption may fail with these error messages:

Folder authentication failed

Folder initialization failed

In the Encryption Desktop log you see this error:

File Share: Folder authentication failed

File Share: Folder initialization failed

The same error messages appear in the Client log of Encryption Management Server:

 

Environment

Symantec Encryption Management Server 10.5 MP1 and above.

Resolution

This issue is resolved in Symantec Encryption Desktop 10.5.1.  If it is not possible to immediately upgrade to this version, consider the following workarounds:


Workaround 1:
First reencrypt the share without adding users, and then reencrypt the share and add the users.

Make sure you have a keypair as Admin locally in your keyring for this. 

 

Workaround 2:
Designate one group key as type Admin and the other group keys as type User. In other words, stop using the Group Admin type. This may involve increasing the number of users in the group that has Admin permissions.

Symantec has determined that the impact of this issue is very low, so this issue will not be addressed. If this is causing critical issues for your organization, please contact Symantec Encryption Support for more information.

 

Additional Information

EPG-24286