ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

File Share Reencryption failing when using Group Keys as Group Admin Role


Article ID: 221518


Updated On:


File Share Encryption Encryption Management Server


Symantec Encryption Desktop has a known behavior when you are using Group Keys as the "Group Admin" role. The Group Admin role provides elevated permissions to allow encryption/decryption of protected folders.

While each protected folder can only have one user or group key with the Admin role, multiple Group Admins are supported.

When the File Share Group Key on Encryption Management Server is designated as Group Admin, re-encryption may fail with these error messages:

Folder authentication failed

Folder initialization failed

In the Encryption Desktop log you see this error:

File Share: Folder authentication failed

File Share: Folder initialization failed

The same error messages appear in the Client log of Encryption Management Server:



Symantec Encryption Management Server 10.5 MP1 and above.


Symantec Enterprise Division is aware of this issue and is currently reviewing this issue. Please contact Symantec Encryption Support for more information on this.

A potential workaround is to first reencrypt the share without adding users, and then reencrypt the share and add the users.

Another workaround is to designate one group key as type Admin and other group keys as type User. In other words, to stop using the Group Admin type. This may involve increasing the number of users in the group that has Admin permissions.

Additional Information