Long story, short: There are keys of hers stored on the Universal Server
which have nothing to do with WDE. PGP Desktop has, in the past, created
these keys and they serve no purpose other than to confuse people. (Not
in our environment, anyway.)
If you can confirm that the user has no knowledge of ever having used
these keys, I'll delete them, and that prompt will most likely go away.
Sam Hooker | [log in to unmask]
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont
On 20120228 13:40 , Mickey Mossey wrote:
> And the saga continues.
> At about 12:30 (before this email came across the wire), I get a call
> from the user who was having issues. She had rebooted her computer and
> was being asked to re-enroll her system. When I went to her desk and had
> her enter her password, it came back with an error that the system was
> already enrolled and it couldn't continue. PGP desktop wouldn't load,
> either stating that it couldn't connect to the enterprise server for the
> organization. At this point, Thunderbird wouldn't send or receive from
> the imap server at all. No matter how many times I would click on the
> "accept" with the certificate error it wouldn't go away. Sending emails
> would time-out. I'm not sure if emails actually made it into her mailbox.
> So I rebooted the machine and logged in with my NetID, which was already
> enrolled on the system from when I set the machine up. I booted into my
> profile with no issues, it did not ask me to re-enroll and all was
> good. While I was logged in I upgraded to the newest version of PGP
> desktop. Rebooted, logged back in as me, all was good.
> Rebooted and used the credentials of my user and once it booted into
> windows, it once again asked for re-enrollment of the system. Her
> password was entered and then it proceeded to show this dialog:
> Her netid password did not work for this box. I cancelled through it
> and the rest of the system loaded. PGP desktop loaded without any
> issues and the certificate error in Thunderbird has gone away. She can
> use her email without incident now.
> Upon reboot, enrollment doesn't seem to be requested anymore, but this
> box comes up -- with the same results as the above box -- nothing works
> for a password and there's no way to "ok" by it. I can hit cancel and
> things seem to be running normal after that point.
> On 2/28/2012 12:48 PM, J. Greg Mackinnon wrote:
>> Okay, so this is a new version of an old problem. There are ways to
>> remove the PGP components that we don't want in the product. If I
>> recall correctly, the procedure is to modify the registry here:
>> HKLM\Software\PGP Corporation\PGP\
>> (or HKLM\Software\Wow6432Node\PGP Corporation\PGP\ or 64-bit Windows)
>> where you will disable the mail-related components of PGP by setting
>> the DWORD entries for "PGP_INSTALL_LSP", "PGP_INSTALL_MAPI",
>> "PGP_INSTALL_MAPI_PLUGIN", "PGP_INSTALL_GROUPWISE", and
>> "PGP_INSTALL_NOTES" to "0". You then need to re-install PGP from the
>> command line following the directions here:
>> I will try to put together a script and installer that will take care
>> of these steps automatically. This will treat the symptoms without
>> addressing the actual problem, which is that your PGP Client likely is
>> not communicating with the PGP Universal Server to get fresh policy.
>> If it were, the client would be informed to disable the mail
>> component, and you would not be seeing this error. However, treating
>> the root cause will require us to open a support case with PGP, and
>> again we likely would need to borrow the affected computer for a bit,
>> so I am content to simply find a workaround for the problem if that
>> works for you.
>> On 2/28/2012 9:17 AM, Mickey Mossey wrote:
>>> This machine has been built and using the PGP software for probably
>>> close to two years.
>>> On 2/28/2012 9:16 AM, J. Greg Mackinnon wrote:
>>>> That is not it. That error comes up whenever the PGP mail module
>>>> becomes active. PGP is doing a reverse lookup on the imap server to
>>>> which Thunderbird is connecting. The mail module is not supposed to
>>>> be active, but it has switched on in the past on systems that have
>>>> not yet enrolled with the PGP Universal server. Has this system
>>>> enrolled yet?
>>>> On 2/28/2012 8:56 AM, Benjamin Coddington wrote:
>>>>> Is Thunderbird set up to connect to "penguin.uvm.edu" instead of
>>>>> "imap.uvm.edu"? That might cause this problem.
>>>>> On Feb 28, 2012, at 8:24 AM, Mickey Mossey wrote:
>>>>>> I have a user that got this popup on their machine this morning
>>>>>> when logging into Thunderbird. Thoughts?
>>>>>> Mickey Mossey
>>>>>> Senior Associate Director of Information Technology
>>>>>> Programming / System Administration
>>>>>> University of Vermont Foundation
>>>>>> Personal Line: 802-656-4133
>>>>>> IT Main Line: 802-656-8310
>>>>>> UVM Foundation Website:
>>>>>> UVM's Alumni Website:
> Mickey Mossey
> Senior Associate Director of Information Technology
> Programming / System Administration
> University of Vermont Foundation
> Personal Line: 802-656-4133
> IT Main Line: 802-656-8310
> UVM Foundation Website: http://www.uvmfoundation.org/
> UVM's Alumni Website: http://alumni.uvm.edu/