Beginning with version 3.0.x, PGP Universal Server lets a PGP Desktop user enroll using either userPrincipalName or sAMAccountName in the username field.
This is useful when a user name (e.g. Administrator) is common to multiple domains in a Microsoft Active Directory (AD) forest.
failed authentication for internal PGP Desktop (client version) user (username) from [IP address]
The sAMAccountName is not required to be unique in a Microsoft multi-domain AD forest configuration. However, this can cause problems with PGP Universal Server: when the same sAMAccountName exists in more than one domain, the server cannot determine which user you are enrolling as, so enrollment fails and you receive an authentication failure notification.
Make sure that Directory Synchronization is enabled under Consumers > Directory Synchronization. If not, click the Enable button.
Click the Settings button on this screen and make sure that Enroll clients using directory authentication is checked and click Save.
Make sure that your Base Distinguished Names tab (under the server entry in Directory Synchronization page) has the correct Base DN configured to search for the user that is having problems enrolling (e.g. CN=Users,DC=corp,DC=example,DC=com). This would be valid for users in the CORP domain under the EXAMPLE.COM forest. Click Save when changing the Base DN settings.
When enrolling the PGP Desktop clients:
1. Launch PGP Tray from Start > All Programs > Startup > PGP Tray.
2. When prompted for authentication, enter the UPN (e.g. firstname.lastname@example.org) instead of the sAMAccountName value (e.g. Administrator). You can find the UPN using an LDAP browser such as Softerra LDAP Browser, or using the ADSI Edit utility from Microsoft.
3. Enter the correct password for that user. This will allow you to enroll successfully.
Alternatively, users can continue to use the sAMAccountName attribute when enrolling (e.g. TUser for Test User). They only need to supply this value in the username field (TUser) and the user's password.
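To see which accounts need the UPN before users try to enroll, the following added example (not part of the original article or of PGP Universal Server) scans an LDIF export of user objects and lists each sAMAccountName that exists in more than one domain, together with the UPN for each domain. The sample records, domain names and function names are constructed, and the parser assumes plain-text (not base64-encoded) attribute values.

```python
from collections import defaultdict

# Constructed sample: LDIF export of user objects from a forest-wide search.
SAMPLE_LDIF = """\
dn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=com
sAMAccountName: Administrator
userPrincipalName: administrator@corp.example.com

dn: CN=Administrator,CN=Users,DC=emea,
 DC=example,DC=com
sAMAccountName: administrator
userPrincipalName: administrator@emea.example.com

dn: CN=Test User,CN=Users,DC=corp,DC=example,DC=com
sAMAccountName: TUser
userPrincipalName: tuser@corp.example.com
"""

def parse_ldif(text):
    """Yield one {attribute: value} dict per LDIF record (first value wins)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), value.strip())
        if "dn" in entry:
            yield entry

def domain_of(dn):
    """DNS-style domain name built from the DC= components of a DN."""
    parts = [p.strip() for p in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()

def ambiguous_accounts(ldif_text):
    """Map each sAMAccountName found in 2+ domains to [(domain, UPN), ...]."""
    seen = defaultdict(dict)
    for entry in parse_ldif(ldif_text):
        sam = entry.get("samaccountname")
        if sam:
            # AD compares sAMAccountName case-insensitively
            seen[sam.lower()][domain_of(entry["dn"])] = entry.get("userprincipalname")
    return {s: sorted(d.items()) for s, d in seen.items() if len(d) > 1}

if __name__ == "__main__":
    for sam, hits in ambiguous_accounts(SAMPLE_LDIF).items():
        print(sam, "-> enroll with UPN:", hits)
```

An account reported with a UPN of `None` has no userPrincipalName attribute set in the export and should be checked in the directory before the user enrolls.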
PGP Universal Server
PGP Desktop managed client
Microsoft Active Directory Forest with multiple domains
Imported Document ID: TECH199481