This article details general troubleshooting steps when using the Single Sign-On (SSO) feature of Symantec Drive Encryption (previously PGP Whole Disk Encryption).
SSO issues can be caused by the following:
You can verify that you are using a SSO user account for authentication by checking the registry where the MSI options supplied at installation are stored as referenced in this article. When validating the registry options make sure that the PGP_INSTALL_SSO option is set to 1 indicating that the driver is installed.
See the following example:
Also you will notice the user in the Symantec Drive Encryption user list under PGP Disk > Encrypt a disk or partition after selecting the boot drive.
The Single Sign-On (SSO) feature allows you to use your existing Windows passphrase for authentication to your Symantec Encrypted drive and automatically log you into Windows.
The Single Sign-On feature utilizes one of the methods Microsoft Windows provides for customizing the Windows login experience. Drive Encryption uses your configured authentication information to dynamically create specific registry entries when you attempt to log in.
Use the following steps to troubleshoot Single Sign-On:
Validate that the user is a SSO user using the pgpwde command line tool.
If the SSO feature fails after changing your Windows password, check the permissions for the PGPWDE01 file located in the root of the C: drive. The Authenticated Users group needs to have Modify permissions for the PGPWDE01 file. If necessary, modify the permissions for the file, logging off and logging back on to Windows will cause the PGP Tray to update the PGPWDE01 file. This may not be possible to view certain permission from the file properties window on more recent versions of the product. File compression on these files could also cause similar issues where we are unable to write back to the file due to known driver limitations.
To check the PGPWDE01 permissions
In some cases, other third party Network provider connections may interfere with the Single Sign-On feature. Try moving the PGP Network Provider connection above other third-party connections in the Network Provider Order. Use the steps below for your operating system.
Windows Vista & Windows 7 & Windows 8 & Windows 10
Note: The Provider Order can also be updated on multiple computers by creating a script which updates a PGP Windows Registry value. To use a script to update the value, modify the PGP_SET_HWORDER value from 0 to 1. The PGP_SET_HWORDER value is located in HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP folder (32-bit systems) and KEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PGP Corporation\PGP folder (64-bit systems).
The PGP WDE Single Sign-On feature can be affected by a Logon setting within a group policy for the computer. Check if enabling the Always wait for the network at computer startup and logon setting in the Logon folder of the Group Policy corrects any SSO issues.
Interactive logon: Do not require CTRL+ALT+DEL
Check if any security settings requiring the user to press CTRL+ALT+DEL before logging on to the system affect the Single Sign-On feature.
In some cases, the Single Sign-On password may not synchronize properly due to an incompatibility with certain versions of the Intel PROSet/Wireless software. For Dell computers using version 11.5 of the Intel PROSet/Wireless software, this issue is solved by upgrading the software to version 12 or higher or by uninstalling the software.
If a USB thumb drive or SD card is inserted, a conflict may occur if the USB or SD disk is detected as Disk 0 on the system. Confirm the Windows system disk is Disk 0 in Disk Management. If the USB or SD disk displays as Disk 0, remove the disk, reboot the computer, and then change the Windows password.
For more information on troubleshooting Single Sign-On when Microsoft Accounts are in use, see article TECH216805.
Login to Subscribe
Please login to set up your subscription.
Get support for your product, with downloads, knowledge base articles, documentation, and more.
Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.
Set default language
Do you wish to save this as your future site?