ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Expired key does not renew
Article ID: 241297
Updated On:
Products
Encryption Management Server
Gateway Email Encryption
Issue/Introduction
SKM (Server Key Mode) user keys on Encryption Management Server should be renewed automatically according to policy settings.
A user's SKM key may not be renewed as expected.
The Group log shows a warning and error similar to the following during periodic regrouping against Active Directory:
encountered error while regrouping consumer "First Last" (b38f1e40-1dd6-4284-8bd3-25cd92b7c53e): key requires passphrase to unlock
can't unlock key "First Last [email protected]" (KeyID: 0x386038D7)
Environment
Symantec Encryption Management Server 10.5 and above.
Resolution
The error "key requires passphrase to unlock" indicates that the key has been corrupted; an SKM mode key should not require a passphrase.
Either restore the key from backup or revoke the key and, if the user has Encryption Desktop installed, re-enroll the user. A new key will be generated.
Feedback
Yes
No
Powered by
