Encryption Desktop cannot import keys in a Citrix VDI


Article ID: 236744


Updated On:


Encryption Management Server Desktop Email Encryption File Share Encryption


If a user is using a Citrix VDI (Virtual Desktop Infrastructure) they cannot import keys into their Encryption Desktop keyring.

No error message is displayed. Keys just fail to be imported.


The only VDI certified for Encryption Desktop are VMware ESXi virtual machines.


Symantec Encryption Desktop and Symantec Encryption Management Server release 10.5 and above.


This workaround may allow Encryption Desktop to import keys:

  1. From the Encryption Management Server management console, navigate to Consumers / Consumer Policy and click on the user's policy name.
  2. Click on the Desktop button.
  3. In the General tab, the Override default keyring locations option is, by default, not configured:
  4. Enable the option Symantec Encryption Desktop for Windows and in the location field, enter a folder name within %APPDATA% such as %APPDATA%\PGP:
  5. Re-enroll the user.

The %APPDATA% environment variable usually refers to the folder C:\Users\username\AppData\Roaming where username is the user's Windows username. The Encryption Desktop  PGPprefs.xml configuration file, PGPpolicy.xml file, log files, etc reside in "%APPDATA%\PGP Corporation\PGP".

By default, the local keyring is stored in %HOMEPATH%\Documents\PGP which usually refers to the folder C:\Users\username\Documents. However, this folder is unsuitable for storing keyrings in some environments.

Additional Information

157763 - Enrollment Prompt appears in Virtual Environments - VI / VMware View Persona Management / Dell Wyse vWorkspace and Symantec Encryption Desktop