Symantec Encryption Desktop is unable to enroll, connect, or synchronize policy with Symantec Encryption Management Server.
The following symptoms may be observed:
- The PGP Tray fails to display in the task bar although pgptray.exe does display in Windows Task Manager.
- Opening Encryption Desktop displays an error message: "Encryption Desktop is unable to contact your organization's Symantec Encryption Server".
- Errors may be shown in the log concerning problems connecting to the Symantec Encryption Management Server.
PGPSTAMP may not be pointing to the Symantec Encryption Management Server.
A second issue is that Encryption Desktop automatically uses the Internet Explorer (IE) proxy settings. However, some proxy servers do not allow SOAP/S traffic to go through completely to Symantec Encryption Management Server. A connection to the server is possible, but not all information is received by Symantec Encryption Management Server or Encryption Desktop.
Use the following to troubleshoot the issue:
To check the value of the PGPSTAMP, click Start > Run > Regedit. PGPSTAMP can be found in the following container:
PGPSTAMP should look similar to this with ovid= pointing to your Symantec Encryption Management Server:
Check proxy and port connectivity
Remove the proxy server from the Internet Explorer settings completely or add an exception to the Advanced settings:
- Open Microsoft Internet Explorer and click Tools > Internet Options > Connections > LAN Settings > Advanced
- Enter the Symantec Encryption Management Server FQDN into the exceptions list (separated by semicolon if needed). Use the same name as in the PGPSTAMP registry entry.
Note: The option "Bypass Proxy Server for local addresses" is not used in Encryption Desktop, so adding an exception is the only way to set this.
When proxy settings are enforced by a group policy, the group policy will need to be changed to add the Symantec Encryption Management Server FQDN and port 443 to the group policy proxy exceptions list.
Check port connectivity
Check to make sure that port 443 is open on the client machine and that you can telnet to port 443 on the Symantec Encryption Management Server from the client machine. If port 443 is closed or blocked, enrollment will fail. Note that being able to telnet to port 443 of the server does not mean that proxy settings are not causing a problem. One way of testing this is to try to connect to https://keys.<yourservername>.com
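The proxy and port checks above can be run together from the client with a short PowerShell script. This is an added example, not part of the original article or Symantec tooling; `keys.example.com` is a placeholder for the server name in your PGPSTAMP `ovid=` value, and `Test-ProxyException` is a helper name chosen for this example.

```powershell
# Added example. Pass the FQDN from your PGPSTAMP ovid= value;
# keys.example.com is only a placeholder.
param(
    [string]$ServerFqdn = 'keys.example.com'
)

# Returns $true when $HostName matches an entry in the semicolon-separated
# proxy exceptions list. Entries may contain * wildcards. The <local> entry
# ("Bypass proxy server for local addresses") is skipped because Encryption
# Desktop does not use it.
function Test-ProxyException {
    param([string]$HostName, [string]$OverrideList)
    foreach ($entry in ($OverrideList -split ';')) {
        $entry = $entry.Trim()
        if ($entry -and $entry -ne '<local>' -and $HostName -like $entry) {
            return $true
        }
    }
    return $false
}

# Per-user Internet Explorer (WinINET) proxy settings.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

# Direct TCP test to port 443, equivalent to the telnet check. It does not
# go through the proxy, so success here does not rule out a proxy problem.
$tcp = Test-NetConnection -ComputerName $ServerFqdn -Port 443 `
                          -WarningAction SilentlyContinue

$result = [pscustomobject]@{
    Server          = $ServerFqdn
    Tcp443Reachable = $tcp.TcpTestSucceeded
    ProxyEnabled    = ($inet.ProxyEnable -eq 1)
    ProxyServer     = $inet.ProxyServer
    ServerBypassed  = (Test-ProxyException $ServerFqdn $inet.ProxyOverride)
    AutoConfigUrl   = $inet.AutoConfigURL   # PAC script, if one is configured
}
$result | Format-List

if ($result.ProxyEnabled -and -not $result.ServerBypassed) {
    Write-Warning "$ServerFqdn is not in the proxy exceptions list; traffic to the server will go through $($result.ProxyServer)."
}
```

Run it as the affected user, because the proxy settings it reads are stored per user.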