We want all LINUX servers to have a CRYPTO APVIRT card unless there are CRYPTO DOMAIN x APDED to override it. 

I may have tried this before because I found the CRYPTO APVIRT card commented out in the PROFILE LINUX, if I uncomment I get errors on all the entries with a DOMAIN. 

Using VMSECURE ADMIN PROFILE, I just tried to uncomment the CRYPTO APVIRT card in the LINUX PROFILE.  

When I did and filed it I got:

   ACIGROUP LINUX

*  CRYPTO APVIRT

   ACCOUNT 00000000 A0186077

   MACHINE ESA 32

vmsecure admin profile Linux

Validating profile LINUX as temporary profile LINU0000.

Testing 526 user(s) containing an include record for LINUX.

Invalid parameter on CRYPTO record at 'APDED'.

On record 17 in file 'ZOE46 VMXSYSAD U '.

Record is: 'CRYPTO DOMAIN 08 APDED 0 1 2 3 4 5 6 7'.

Error 24 attempting to UPDATE directory entry ZOE46 VMXSYSAD. 

..several more...

Here's what one of them looks like in the directory entry:

00016

00017 CRYPTO DOMAIN 08 APDED 0 1 2 3 4 5 6 7

00018 SHARE REL 200

00019 COMMAND DEFINE STORAGE 1500M STANDBY 8G

00020 ACCOUNT 00000000 ZVM    

Shouldn't the INCLUDE for this understand a CRYPTO DOMAIN in the directory override the CRYPTO APVIRT from the include like other things do?

VM:Secure r3.2

One suggestion is to put the APVIRT in the GOLD image that it uses to build the directory, then replace it later if you need an APDED.