This article describes the steps to re-enroll Symantec Encryption Desktop (previously PGP Desktop) for Mac clients.
For instructions on how to re-enroll Symantec Encryption Desktop for Windows clients, please see the following article:
http://www.symantec.com/docs/HOWTO42029
Enrollment is the binding of a computer with Symantec Encryption Desktop client software installed to a Symantec Encryption Management Server (SEMS - previously PGP Universal Server). After a client is bound it receives feature policy information from the SEMS; for example, encryption keys, email policy, or Symantec Drive Encryption (formerly known as Whole Disk Encryption) administration.
In some circumstances, you may need to re-enroll Symantec Encryption Desktop clients if the client is experiencing connection problems with the SEMS, the client license does not update after renewing the client license on the server, or in rare circumstances the client preference files ( ~Library\Preferences\com.pgp.*) become corrupted.
Use the following steps to re-enroll a Symantec Encryption Desktop for Mac client with SEMS.
Launch Symantec Encryption Desktop to start the Symantec Enrollment Assistant.
For Encryption Desktop 10.0.x through 10.3.0, if enrollment does not begin: Check under /Applications/PGP.app/Contents/Resources/policy.txt ---- This should contain a string similar to this 'ovid=keys.example.com&mail=*&admin=1'. If there is any trouble resolving the hostname found in the string then enrollment will not function as expected. In Symantec Encryption Desktop 10.3.1 and above, the location is /Applications/Encryption Desktop.app/Contents/Resources/policy.txt.
Caution: When Symantec Encryption Desktop clients are enrolled, entries are placed in the Mac OS X Keychain Access Utility. These entries include "PGP LDAP", "PGP Universal Auth Cookie" and a user entry of Kind, "PGP Passphrase" (Usually the name of this entry is the email address of the user enrolling). These entries are used for enrollment and for the passphrase that can be used during encryption of a drive. These entries remain, even after an uninstall of the software. If re-enrollment is being done, it is also recommended to clear out all these entries before re-enrolling the client so they will be re-created from scratch. Not clearing these out may result in unexpected results, as outlined in TECH211645.