You can enroll the PGP Encryption Desktop client (Symantec Encryption Desktop) to the PGP Encryption Server (Symantec Encryption Management Server) using email. You would use this method if PGP Encryption Server does not use Directory Synchronization with an Active Directory domain controller.

The procedure is as follows:

1. The enrollment process is triggered when PGPtray.exe starts. PGPtray.exe starts automatically after the user logs into Windows because it is in the %ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp folder.
2. The PGP Encryption Desktop Enrollment Assistant starts. The user enters their email address and confirms it, then clicks Next.
3. The PGP Encryption Server sends an enrollment email message to the user. The template for the message can be found in the PGP Server administration console under Mail / Message Templates. The template is called Internal User Welcome Message -- Mail Now Secured. The email message contains an encrypted authentication token that has the variable name $ENCRYPTED_COOKIE in the template.
4. The Enrollment Assistant prompts the user to open their email application (usually Outlook) and check for the enrollment email.
5. The Enrollment Assistant finds and processes the enrollment email and enrollment continues.

Sometimes, the Enrollment Assistant does not find and process the enrollment email and the user is unable to enroll. All they can do is click the Cancel button and exit the Assistant.

There are several common reasons for this occurring.

1. Outlook is open before the Enrollment Assistant starts

If Outlook is already open before the Enrollment Assistant starts, the Enrollment Assistant may be unable to find and process the enrollment email message.

To resolve this, ensure that Outlook is closed when the Enrollment Assistant starts and only open it when prompted to do so by the Assistant.

2. The Outlook Inbox contains multiple enrollment email messages

If the Enrollment Assistant cannot process the enrollment email message and you cancel the Assistant, the enrollment email message will stay in your Inbox.

Each time you try to enroll, PGP Encryption Server sends another enrollment email message to your Inbox. This can cause the Assistant to fail.

To resolve this, do the following:

1. Delete all messages from your Inbox with the Subject "Welcome to Symantec Encryption Server".
2. Close Outlook.
3. Start the Enrollment Assistant.
4. Open Outlook only when the Enrollment Assistant prompts you to do so.

3. The PGPmapih.dll file may be missing from the registry or not loaded first

If the PGPmapih.dll file in not referenced in the Windows registry or is not loaded first, this can prevent the PGP Enrollment Assistant connecting to Outlook.

Warning: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. 

To resolve this, add PGPmapih.dll to the AppInit_DLLs entry in the registry or move PGPmapih.dll to the beginning of the list of files in the AppInit_DLLs entry:

1. Open Regedit. You will need local admin rights.
2. On 64-bit systems, browse to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
3. On 32-bit systems, browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
4. Confirm the AppInit_DLLs entry contains PGPmapih.dll
5. If PGPmapih.dll is missing, add it.
6. If PGPmapih.dll is part of a list of files in the AppInit_DLLs entry, ensure that it is first in the list.