When attempting to re-enroll a PGP Desktop for Mac client with the server, you receive the error message Insufficient Privileges and enrollment fails.
This can occur when the Mac OSX system is or was previously PGP Whole Disk Encrypted and a Whole Disk Recovery Token (WDRT) remains in the server database. To allow the enrollment process to continue, you must manually delete the WDRT from the server using the command line interface.
Use the following steps to manually delete a WDRT for a disk:
Log in to PGP Universal Server admin interface.
Click Consumers > Devices.
Below WDE Computers, click the WDE Computers button. The PGP Whole Disk Encrypted computers are displayed.
Find and click the name of the computer for which you want to delete the WDRT. The WDE Computer Information is displayed.
Select Disk Encryption to expand the section.
If there are multiple encrypted disks, make sure you select the correct disk by viewing the name, size, and status of the disk.
Copy the Disk ID for the disk.
Access the server via the command line.
Access the server database by typing psql oviddb ovidrw and pressing Enter.
Start a transaction block by typing: begin; and press Enter. This allows you to undo any action you take if you make a mistake.
Delete the recovery token for the drive by typing: delete whole_disk_recovery_token where device_id = 'paste device id here'; and press Enter.
This command should return DELETE 1. If it shows any number other than 1, something in the command was typed incorrectly. To correct the error, type rollback; and press Enter and then re-type the command.
Type commit; and press Enter to confirm the deletion of the WDRT.
Type \q and press Enter to exit the database.
After deleting the WDRT for the disk, re-enroll the PGP Desktop for Mac client.
Imported Document ID: TECH149834
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.