Folder Redirection with Windows 7 and Server 2008 causes PGPtray.exe to crash upon enrollment
Upon logging in to Windows 7, a PGP Tray window pops up and says:
"PGP Tray has stopped working"
This issue is caused by Folder Redirection of the Documents folder with Windows 7 and Windows Server 2008. This issue does not occur with Windows XP.
This issue has been resolved in Symantec Encryption Desktop 10.3.2 MP1 (Build 15337) and above.
If updating the client is not possible, there are a few workarounds to this issue:
Close the error and relaunch PGPtray to start the enrollment process.
To start the enrollment process manually, click the Start button, then click Startup, and click on PGPtray.
Create a folder called PGP and put two 0kb keyring files inside called pubring.pkr and secring.skr. This will greatly increase the chances of a successful enrollment on first attempt and will fail less often (without having this PGP folder with the keyring files, the failure rate is over 75%. With the folder, failure rate is less than 25%, however due to the random nature it is not possible to put an exact failure rate).
To create these 0kb files, simply right-click in the folder, click New, and select "Text Document" and give the files the names of pubring.pkr and secring.srk. The following message will be displayed when doing so:
"If you change a file name extension, the file might become unusable. Are you sure you want to change it?"
Answer "Yes" to this prompt.
NOTE: If the above message is not displayed, please ensure Windows File Extensions are shown, otherwise, these files will not be detected as keyring files, but windows text files, and PGPtray will still continue to crash.
This is an issue that is currently being reviewed by Symantec Development. Please subscribe to this article for future updates on this issue.
NOTE: Redirecting the Documents folder to a network share has some security implications. The PGP folder contains keyring files, and although the user's folder on the network is protected with NTFS permissions, the keyring files are technically available on the network share. Symantec Encryption Keys are typically protected with a passphrase, however it is possible for users to create a key with a null passphrase given the proper permissions for the Encryption Desktop client.
If access to Encryption Keys is of any concern to users, it is not advisable to redirect the Documents folder to a network share and to keep this folder local to the user's computer.
This affects versions 10.2.1 through 10.3.2 GA (Build 15238).
NOTE: Previous versions may be affected, but have not been tested for this issue.
Imported Document ID: TECH208025
Subscribing will provide email updates when this Article is updated. Login is required.