PGP Encryption Desktop must only connect to Internal cluster members (Symantec Encryption Desktop)

Article ID: 275211

Products

Desktop Email Encryption, Encryption Management Server

Issue/Introduction

There are three types of PGP Encryption Server cluster members (Symantec Encryption Management Server):

  1. Internal Members
  2. DMZ Members with private keys
  3. DMZ Members without private keys

Encryption Desktop clients should only ever connect to Internal cluster members.

 

Environment

Symantec Encryption Management Server and Encryption Desktop release 10.5 and above.

Resolution

If your organization uses a DNS name such as keys.example.com for its Internal cluster members and Encryption Desktop clients enroll to that name, please ensure that this DNS name does not resolve to the IP address of a DMZ cluster member without private keys.

If Encryption Desktop uploads its key to a DMZ cluster member without private keys, the user's key on the server becomes corrupted. The symptom is SKM mode keys on Encryption Management Server changing to what appear to be GKM mode keys.
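One way to check the DNS requirement above is to resolve the enrollment name and compare every returned address against the cluster inventory. This is an added example, not code from Symantec or the original article; the member addresses, the function names and the injected resolver are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed inventory; replace with your cluster's real member addresses.
INTERNAL_MEMBERS = {"10.10.0.11", "10.10.0.12"}
DMZ_MEMBERS = {
    "192.0.2.21": "DMZ member with private keys",
    "192.0.2.22": "DMZ member without private keys",
}

def resolve(name):
    """Addresses the local resolver returns for name (A and AAAA)."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return {info[4][0].split("%")[0] for info in infos}

def audit_enrollment_name(name, internal=INTERNAL_MEMBERS, dmz=DMZ_MEMBERS,
                          resolver=resolve):
    """Classify every address behind the enrollment name.

    Returns a sorted list of (address, verdict, reason). The verdict is "OK"
    only for internal members, because clients must not reach anything else.
    """
    internal_ips = {ipaddress.ip_address(a) for a in internal}
    dmz_ips = {ipaddress.ip_address(a): role for a, role in dmz.items()}
    findings = []
    for text in resolver(name):
        addr = ipaddress.ip_address(text)
        if addr in internal_ips:
            findings.append((str(addr), "OK", "internal member"))
        elif addr in dmz_ips:
            findings.append((str(addr), "FAIL", dmz_ips[addr]))
        else:
            findings.append((str(addr), "FAIL", "not a known cluster member"))
    return sorted(findings)

def is_safe(findings):
    """True only if the name resolved and every address is an internal member."""
    return bool(findings) and all(v == "OK" for _, v, _ in findings)

if __name__ == "__main__":
    # Constructed resolver answer: one record wrongly points at a DMZ member.
    fake = lambda name: {"10.10.0.11", "192.0.2.22"}
    for addr, verdict, reason in audit_enrollment_name("keys.example.com", resolver=fake):
        print(f"{verdict:4} {addr:15} {reason}")
```

Run the check from a network segment where Encryption Desktop clients sit, since split-horizon DNS can return different records elsewhere.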