When attempting to enroll a PGP Desktop client with the PGP Universal Server you receive the following error:
Unable to enroll with an error of invalid License number error code 11993
This issue can occur when using LDAP Directory Synchronization for enrollment and the user LDAP attributes do not match the LDAP attributes for a custom policy.
When the user's attributes do not meet the custom policy attributes, the user is placed in the Internal Users: Default policy group or Excluded Users if the option is set to Exclude non-matching users by default on the Internal Users: Default policy Directory Services tab.
The error then occurs if the Internal User:Default policy does not have a license for PGP Desktop.
Here are some areas to investigate to troubleshoot the issue:
Check the license
- Log in to PGP Universal server then click System tab. Verify that users have not exceeded the limit.
- Go to Consumers Policy and then select the policy that applies to the user. Click Client Licensing. Check if license is ok, users have not exceeded the limit.
- Download customized PGP client from universal, matching user´s policy. Install and try enrollment.
- Confirm other users enroll successfully and are placed in the correct internal user policy group. This will tell you if the LDAP settings for the policy are correct.
- Check see if other users in the LDAP group are enrolling correctly. This confirms if the policy group is set up correctly.
- If the LDAP settings appear correct, check the user settings on the PC to confirm the user displays the correct information from the LDAP server. To check the user's profile, open a command prompt and type gpresult then press Enter. This command displays user settings, domain policy, group membership, and computer settings.
- If the user's domain information is not current, type gpupdate to update the user's Group Policy information.
- Delete the PGP Corporation folder for the user and for All Users on the system in the following directory:
Windows 2000, XP, Server 2003
Documents and Settings\%USERNAME%\Application Data
- Attempt to re-enroll the client by starting PGP Desktop. This causes the PGP Enrollment Assistant to start.
- If the client is still unable to enroll with the server, try deleting the user from the LDAP group on the directory server then re-add the user to the group. Reboot the system and use the directions in steps 5 and 6 to re-enroll the client.