This article describes what happens to a customized PGP Desktop client if a PGP Universal Server is offline or otherwise unavailable.
When communication with the PGP Universal Server is lost, certain functionality with the PGP Desktop software is lost. This article describes expected behavior when various PGP Desktop clients cannot communicate with the PGP Universal Server.
PGP Desktop Email
PGP Desktop Email synchronizes with the PGP Universal Server mail policies, even if the PGP Universal Server is not processing email. The PGP Universal Server acts as the policy server for email encryption and communicates to the PGP Desktop Email client how to encrypt email.
If the PGP Desktop Email client is unable to communicate with the PGP Universal Server for policy, the PGP Messaging logs will display the following error (keys.acme.com is the Universal Server in this example):
11:28:28 Error Unable to establish SOAP communication with keys.acme.com
11:28:28 Info Processing outgoing message from User1 with subject: PGP TEST
11:28:28 Warning Server keys.acme.com not responding; will wait 15 minute(s) before trying again
At this point, the PGP Desktop service counts down from 15 minutes before re-attempting to contact the PGP Universal Server for policy. This avoids constant traffic from PGP Desktop Email to the PGP Universal Server while the PGP Universal Server is unavailable.
If the user attempts to resend the message within the 15 minute countdown, the PGP error will be displayed again and the messaging logs will display the minutes remaining before the client contacts the PGP Universal Server again for policy:
11:42:04 Info Processing outgoing message from User1 with subject: PGP TEST
11:42:04 Warning Server keys.acme.com not responding; will wait 2 minute(s) before trying again
If the user attempts to resend while the PGP Universal Server is still unavailable, the messages will not be sent. The messages can be saved in Drafts and re-sent once the PGP Universal Server is up and running, at which time all the messages will send properly after the 15 minute countdown has been reached:
12:31:33 Info Processing outgoing message from User1 with subject: PGP TEST
12:31:33 Info SDK Notification: other
12:31:33 Info SDK Notification: other
12:31:34 Info Successfully synchronized policy with keys.example.com
12:31:35 Info Encrypting PGP Partitioned message to User1@acme.com with key(s):
12:31:35 Info 'User1 ' (0x360E9B55)
12:31:35 Info Signing PGP Partitioned message with key 'User1 ' (0x360E9B55)
Note: If the PGP Universal Server is subsequently brought online within the 15 minute countdown, the message will still not send until after the 15 minute countdown for that specific email. This 15 minute countdown will not apply to new email--compose a new email to bypass the countdown and send the email immediately.
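For triage, the outage window and the messages held during it can be read back out of these log entries. The Python below is an added example, not part of the original article or of the PGP software; the function name find_outages and the sample log (constructed from the excerpts above, with a single server name) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, assembled from the log excerpts in this article.
SAMPLE_LOG = """\
11:28:28 Error Unable to establish SOAP communication with keys.acme.com
11:28:28 Info Processing outgoing message from User1 with subject: PGP TEST
11:28:28 Warning Server keys.acme.com not responding; will wait 15 minute(s) before trying again
11:42:04 Info Processing outgoing message from User1 with subject: PGP TEST
11:42:04 Warning Server keys.acme.com not responding; will wait 2 minute(s) before trying again
12:31:33 Info Processing outgoing message from User1 with subject: PGP TEST
12:31:34 Info Successfully synchronized policy with keys.acme.com
"""

# \s* after the timestamp tolerates entries where time and level run together.
LINE = re.compile(r"^(\d\d:\d\d:\d\d)\s*(Error|Warning|Info)\s+(.*)$")
SOAP_FAIL = re.compile(r"Unable to establish SOAP communication with (\S+)")
BACKOFF = re.compile(r"Server (\S+) not responding; will wait (\d+) minute\(s\)")
OUTGOING = re.compile(r"Processing outgoing message from (\S+) with subject: (.*)")
SYNC_OK = re.compile(r"Successfully synchronized policy with (\S+)")


def find_outages(log_text):
    """Return one record per policy-server outage, with the messages it held."""
    open_by_server, finished, pending = {}, [], None
    def outage_for(server, stamp):
        blank = {"server": server, "start": stamp, "end": None, "retry_at": None, "held": []}
        return open_by_server.setdefault(server, blank)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, _level, text = m.groups()
        if hit := OUTGOING.search(text):
            pending = (stamp, hit.group(1), hit.group(2))
        elif hit := SOAP_FAIL.search(text):
            outage_for(hit.group(1), stamp)
        elif hit := BACKOFF.search(text):
            rec = outage_for(hit.group(1), stamp)
            # Entries carry time of day only; assume one log covers one day.
            due = datetime.strptime(stamp, "%H:%M:%S") + timedelta(minutes=int(hit.group(2)))
            rec["retry_at"] = due.strftime("%H:%M:%S")
            if pending:  # the message logged just before this warning was not sent
                rec["held"].append(pending)
                pending = None
        elif hit := SYNC_OK.search(text):
            if rec := open_by_server.pop(hit.group(1), None):
                rec["end"] = stamp
                finished.append(rec)
    return finished + list(open_by_server.values())
```

A record whose "end" is None means the log never showed a successful policy synchronization, so the messages in "held" are still unsent.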
PGP Whole Disk Encryption
If PGP Whole Disk is the only feature being used and the PGP Universal Server is unavailable, the PGP Whole Disk client will not be able to retrieve policy as expected. Any keys that need to be obtained from the PGP Universal Server for file encryption will also not be available.
PGP Whole Disk Recovery Tokens (WDRTs) will still work if needed. However, once the end-user enters the WDRT at PGP Bootguard (the PGP passphrase prompt during bootup), a new WDRT will not be generated and an error will be displayed:
"A new Whole Disk Recovery Token could not be generated because the Administrative Server is not available"
The WDRT will still work until the PGP Whole Disk client is able to contact the PGP Universal Server. Once the PGP Universal Server is available, a new PGP Whole Disk passphrase can be created and a new WDRT will then be synchronized with the PGP Universal Server.
PGP Netshare
If PGP Netshare is the only functionality being used, the ability to add users to a network share/folder using LDAP Groups is unavailable. Any keys that need to be obtained from the PGP Universal Server for file encryption will also be unavailable.
All PGP Netshare authentication will work as normal and access to PGP Netshare-encrypted folders will be the same as if online. PGP Netshare functionality will still work as long as the public keys are available from the PGP Desktop local keyrings.
Caution: With PGP Desktop Email 9.5.0 and below, if Microsoft Outlook was offline, some of the messages would not be encrypted according to policy. In this case, wait 15 minutes after sending the email offline and reconnecting, then re-send; the emails will then be encrypted. This has been resolved with PGP Desktop Email 9.6.x and above.
Imported Document ID: TECH148971