Symantec PGP Encryption

  • Private Community
 View Only

  • 1.  Error 3090: Server unwilling to perform.

    Posted May 07, 2019 10:52 PM

    Hi everyone. I encountered issue with PGP command line and Symantec Encryption Management Server as follows.

    C:\Users\xxxx>pgp --keyserver-send "System A"
    pgp:keyserver send (2710:days left in current license, 25)
    0x215381AA:keyserver send (2509:keyserver error)
    ldap://xxx.xxx.xxx.xxx:389/:keyserver send (3090:operation failed, Server is unwilling to perform)

    Based on the error code, it seems to be the issue with the server's schema. Any help would be appreciated.

    PGP Command Line 10.4.2 build 61

    SEMS version: 3.4.2 MP2 (build 502)



  • 2.  RE: Error 3090: Server unwilling to perform.

    Posted May 08, 2019 03:33 AM

    When did this last work, and what troubleshooting have you performed for far?



  • 3.  RE: Error 3090: Server unwilling to perform.

    Posted May 08, 2019 10:43 PM

    Hi, SMLatCST.

    It never worked before. This is for my testing purposes to prove to my clients that the SEMS can manage the PGP CLI's keys.

    As for the troubleshooting steps, I have attempted to import the SEMS's certificate into the PGP  CLI's host PC but it still doesn't work



  • 4.  RE: Error 3090: Server unwilling to perform.

    Posted May 09, 2019 09:16 AM

    Have you had a look at the user guide?  Page 55 of the below, suggest your command is both incorrectly formatted and missing information.

    https://www.symantec.com/docs/DOC9492

    Its example command is:

    pgp --keyserver-send alice@example.com --keyserver ldap://keyserver.example.com

    Whereas your command appears to specify the SEMS as the key you're trying to send, and fails to correctly state the address of the SEMS as well.  Could you try reformatting your command please?

    In fact, I'd highly recommend reviewing the entire user guide again, if possible.



  • 5.  RE: Error 3090: Server unwilling to perform.

    Posted May 09, 2019 10:37 PM

    Hi, SMLatCST.

    Apologies. It seems I failed to make myself clear regarding the keyserver. Actually, I have already specificied the keyserver in the PGP CLI configurations file so that CLi will only attempt to connect to the specified keyserver so there's no need to specify the keyserver in my command. In fact, the output of the command shows the IP address of the specified keyserver.

    Regardless, I have previously tried with the format you suggested.

    pgp --keyserver-send alice@example.com --keyserver ldap://keyserver.example.com

    but the same error occured as well.

    Do you have anything else to suggest so that I may test?



  • 6.  RE: Error 3090: Server unwilling to perform.

    Posted May 10, 2019 04:01 AM

    Ah, gotcha!

    I can't seem to find any reference for those error messages, so you might need to log a case with Symantec on this one.

    I would recommend checking that the services on the SEMS are working correctly though.  Perhaps install a full SED client and see if that is able to upload keys correclty?  What do the SEMS logs record on the server side when you try to upload the keys from Command Line?