File Share Encryption

Have 2 laptops and 1 user.

On laptop A the user logins with their windows password via PGP at boot with the single signon.

When they reset their password on the laptop A and even manually sync the keys to the PGP Universal Server and rebooted, PGP still is using the old password.

If the users does the same on laptop B, when they change the password and sync the key, on reboot, PGP is using the new password.

I've looked at laptop A and cache appears to be off (was on before).  I've used the re-register tool to re-register them with the PGP server, makes no difference.  Removed all the PGP key files on the laptop associated with that users manually, makes no difference.  Removed the user from the PGP server and from the laptop and even removed them from the User Access section.  Then re-added them, makes no difference.

Any ideas why it's not syncing the new password?

Looking at the logs on both laptops it says

"Completed synch with configuration server OUR SERVER NAME"

I've also now noticed if laptop A syncs to the server and I go back to laptop B, laptop A has force laptop B to start using the old Windows password as well for the PGP login.  Obviously then failing to login when gets to Windows as it's not the current domain password.

I'm changing the password via AD due to the annoying group policy being set that a users can't change their password if changed it within 15 days or already being changed.

So once do that I login to Windows and do a sync.  All works fine on laptop B, but refuses to update on laptop A with PGP still insisting on using the old passphase.

Please see http://www.symantec.com/docs/TECH149367

I suspect you know to use Ctrl-Alt-Del to change SSO passphrases. 

For PGP to pick up the new one?  No.  Does PGP detect the ctrl-alt-del password change then?  What happens when their password expires at login and they're asked to change it, does PGP also pick that up?

On are other laptops, when I've changed the password via AD and they've logged in.  Later when they reboot (as I've set the server to check in every 30mins for password changes) it all seems to sync fine and when they reboot PGP is using the new windows password as it's passphase.

On the one on laptop A, I'm unable to do a ctrl-alt-del password change because of our group policy, stopping users from changing their passwords multiple times per day.  It's kicked in, so isn't allowing me to change the password for another 15 days, hence I'm having to do it via AD.

I don't manage a PGP Universal Server, so am not aware of all the options in such setting.  However, the general recommendation is to use Ctrl-Alt-Delete to change the SSO passphrase.  If you don't, you will need to use the old passphrase on the next reboot, and then be able to use the new passphrase on subsequent boots.  Even on my Symantec computer that is PGP Universal managed, Ctrl-Alt-Delete is used, followed by logging out and then logging back in with the new passphrase.

But that doesn't explain why I can change the password in AD on laptop B, login, force a key sync, reboot and then PGP is using the new passphase.  Yet on laptop A it won't.  And never does.  Even after several reboots it still insists on using the passphase that specific user was setup with and enrolled with.

What version of PGP desktop do you use?

I seen this problem with 10.1

10.2.  Only appears to be for this one user as well.

Try to change the order of PGPpwflt in Network provider