"No secret key found" Error Displayed During Enrollment


Article ID: 153671


Updated On:


Symantec Products


During enrollment on a Mac OS X system, you receive the error message No secret key fround and enrollment fails.



This issue occurs on PGP Universal Server 3.0.0 when deploying a user policy for PGP Whole Disk Encryption with the SKM key mode, and using a PGP WDE only license. This is a known issue and will be fixed in an upcoming release of PGP Universal Server.

There are two available workarounds to solve this issue:

1. Add a temporary mailstream license that includes PGP WDE functionality to the PGP Universal Server until the issue is fixed. Contact PGP Technical Support to obtain the temporary license. It is not necessary to update the PGP Desktop license on the server. Then re-enroll the client.

2. Add the option for the client to use the Guarded Key Mode (GKM) for the user policy and set the option to Allow user-initiated key generation.


  • From the server admin interface, click Consumers > Consumer Policy and then select the desired user policy.
  • Next to Keys select Edit and then click Management.
  • Place a checkmark next to Guarded Key Mode (GKM) and click Save.
  • Click Desktop next to PGP Desktop.
  • Place a checkmark next to Allow user-initiated key generation and click Save.

3. Re-enroll the client on the system.