PGP Universal Server 2.9: Resolved Issues

Keys and Certificates

* Exporting private keys with a passphrase from the administration console now requires you to confirm the passphrase you choose. [15409]
* If an imported certificate has multiple configured CDPs, and if PGP Universal Server cannot contact the first CDP, it searches the next CDP. [16013]
* SCKM key revocation behavior is consistent between PGP Desktop Mac OS X and Windows installations. [16058]
* Improved handling of users with backslashes in their names. [16188]
* The default keyserver list on PGP Universal Server is now properly consulted for signature verification by the PGP Desktop client. [16444]
* Improved handling of externally generated Organization Certificates. [17385]
* When you delete a user key, the warning message now displays the key ID and user name. [17391]
* Uploaded users keep their attached certificates even if there is no Organization Certificate on the PGP Universal Server. [17409]
* Administrators can no longer revoke SCKM keys. [17447]
* Client browsers now trust PGP Universal Server SSL certificates issued by intermediate CAs when the intermediate CA certificates are loaded into the trusted certificate list. [17484]
* User certificates can never expire later than the issuing Organization Certificate. [17531]
* In previous releases, the 'CN' value in exported, self-signed certificates was inaccurate. In this release, the 'CN' value in such certificates is accurate. [16964]
* In version 2.8.1, X.509 certificates for internal users were not appearing in the console. In this release, these certificates display. [17094]
* Importing internal and external user certificates with subjects that contain ISO-8859-1 encoded characters is now possible, but if the display name is non-UTF-8, it will not be set. [17593]
* External PGP Universal Satellite user keys are now renewed correctly. [17710]


* PGP Universal Server uses TLS for inbound and outbound messages when the connecting mail server supports it. [7962]
* TLS proxies now continue to work even if the SSL/TLS certificate is expired. [14565]
* When PGP Desktop loses contact with the PGP Universal Server, it tries to resend messages again after 15 minutes. This setting can be changed through the Internal User XML Preferences Editor. Call PGP Support for help. Do not try to edit this setting on your own. [15098]
* Improved character set handling in our Outlook and Notes products. [16145]
* When PGP Universal Server is in learn mode, non-RFC compliant email is sent unprocessed and in the clear. Turn learn mode off to process mail through the exception chain. [17256]
* Improved handling of special characters in email Subject field. [17790]

PGP Universal Web Messenger

* Improvements in PGP Universal Web Messenger performance. [11446, 17400]
* PGP Universal Server now logs when PGP Universal Web Messenger user accounts expire and are deleted. [12766]
* PGP Universal Web Messenger messages composed to non-existent users now properly receive bounce messages in a user's inbox. [14617]
* The PGP Universal Web Messenger list of sent messages now shows message recipients. [15239]
* You can sort by column in the PGP Universal Web Messenger Inbox. [15612]
* A PGP Universal Web Messenger user's last login time is now displayed. [15670]
* Multiple PGP Universal Web Messenger users cannot access the same account on the same server at the same time. [15672]
* When using the Require Sender Authentication feature of PGP Universal Web Messenger, users are now explicitly prompted to change their passphrase on their first login rather than relying on them to do it on their own. [15730]
* When customizing the PGP Universal Web Messenger template in advanced mode, pressing the back button then the forward button of your browser will not lose changes made to fields of the form. [16575]
* PGP Universal Web Messenger user lockout status is now replicated between cluster members. Thus, a user account can be unlocked from any server in a cluster. [17247]
* When the PGP Universal Web Messenger port is changed, PGP Universal Server now sends the correct notification link. [17268]
* The PGP Universal Web Messenger usage counter now displays the correct percentage of total storage quota used. [17280]
* In previous releases, when an external user with 4 GB or larger storage quota tried to log in to PGP Universal Web Messenger an unhandled exception error message displayed and the user was not able to log in. In this release, users with storage quotas of any size can log in as expected. [16907]
* Improved PGP Universal Web Messenger security to prevent users from accessing the content of other users' messages. [18688]
* Improved PGP Universal Web Messenger security by limiting the kinds of characters permitted in the URL page query strings. [18692, 18769]

LDAP Directory Synchronization

* Unavailable directory synchronization servers do not cause immediate errors in normal SMTP processing. [16009]
* The directory synchronization "Test" button now properly tests LDAPS connections. [16262]
* If directory synchronization is enabled, only email addresses listed in the LDAP directory for that user are published on the user's key. [17210]
* LDAP attributes are now validated so that Internal user policy is applied as expected. [17215]
* The directory synchronization LDAP passphrase is now encrypted when viewed in the page's HTML source. [17238]
* Improved handling of transient failures of the LDAP server. [18498, 18694, 18143, 18282]

PGP Whole Disk Encryption

* Using a recovery CD or other recovery methods to decrypt a managed PGP Whole Disk Encryption installation can be prevented by enabling the Store decryption policy on fixed disks setting and disabling the Allow Decryption setting. [12959]
* Whole Disk Encryption BootGuard customization now comes packaged with a grey screen. [15537]
* WDRT is displayed in the UI for all users sharing the same encrypted computer. [16710, 16730]
* PGP Universal Server now properly configures PGP Whole Disk Encryption policy for PGP Desktop version 2.6 clients and older. [17298]
* Removable encrypted disks attached to a shared computer are only displayed for the internal user who owns the Whole Disk Recovery Token (WDRT) for that disk. Other users enrolled on the shared computer are not associated with the removable disk. The default is now to enable generation of WDRTs. [17341]
* There must be at least three failed login attempts before a user is locked out through PGP WDE BootGuard. [17381]
* PGP Universal Server now correctly displays encrypted user disk status as encrypted, instead of as unknown. [17834]
* When a user is deleted, associated WDRTs are not removed from PGP Universal Server. In previous releases, when an administrator added an Ignition Key, PGP Universal Server's attempts to encrypt orphaned WDRTs to the Ignition Key caused memory usage problems. PGP Universal Server no longer attempts to encrypt orphaned WDRTs to new Ignition Keys. [18446]
* When an administrator smart card key is added to internal user policy, PGP Whole Disk Encryption installations now accept the policy changes correctly. [18652]

PGP Desktop Administration

* PGP Desktop users cannot change the unmount time for virtual disks when the "Allow user to change options" setting is disabled on PGP Universal Server. [16695]
* The PGP Desktop Setup Assistant now prompts a user for a passphrase during silent enrollment if their LDAP passphrase does not unlock an existing key. [16782]
* In version 2.8.1, entering a PGP Desktop version 9.5 or later license on the PGP Universal Server caused a Java exception. In this version, entering such licenses does not cause an exception. [17078]
* In previous releases, when configuring a policy to create a FAT16 drive automatically, setting the drive size above 512 MB resulted in an inaccurate error message stating that the disk size is too large for FAT32. In this release, the error message accurately states FAT16 instead of FAT32. [17146]
* Managed PGP Desktop for Mac OS X now starts correctly after installation. Previously if certain features were disabled by policy, PGP Desktop would not start. [17852]
* Customized PGP NetShare blacklist entries with no backslash character at the end of the folder name are now handled. [18023]
* PGP NetShare now resolves short name components correctly in blacklists and whitelists. [18063]
* The PGP Desktop Setup Assistant now properly handles the case where a user had an existing SKM key but the PGP Universal Server specified that SKM mode is not allowed. [18123]
* Single Sign-On now works correctly for PGP Desktop 9.6.3 managed by PGP Universal Server 2.9. [18295]


* Clustered PGP Universal Servers now all display the same primary email address in the PGP Verified Directory for users with more than one email address. [12571]
* Keys cached from the mailflow are now replicated to all servers in the PGP Universal Server cluster. [17231]
* Regrouping external users is now replicated from the cluster Primary to the Secondaries. [17234]
* PGP Universal Server performance can be tuned to match the needs of your environment. Contact PGP Support for help in changing when internal user last access information is replicated across a cluster. [17355]
* Improved the process that allows a PGP Universal Server to join a cluster. [17500]
* In previous releases, edits to the Organization Key were not automatically replicated to the other cluster members. In this release, such changes are automatically replicated to the other cluster members. [17014]
* User data is replicated correctly from the Secondary to the Primary for users enrolling on an already-encrypted shared computer to a Secondary PGP Universal Server. [18296]

Performance and Scalability

* Improved timeout method to allow uploading and publishing large numbers of internal user keys even when the server is under heavy load. [16067]
* Improvements in PGP Universal Server performance. [16587, 16721, 16759, 17213, 17328, 17333, 17351, 17407, 17408, 17632, 17641, 18035, 18041, 18112, 18302, 18344, 18438]
* In version 2.8.1, deleting multiple users took a long time without indicating that the server was still responding. In this release, deleting multiple users at a time is much quicker. [17010]
* PGP Universal Server no longer uses only 4 GB of memory if more is available. [17647]
* Improvements in scalability of PGP Universal Server. [18514, 18534]
* Improvements in the stability of PGP Universal Server. [18635, 18730]
* Improved the scheduling of long-running maintenance processes in PGP Universal Server. [18516]

PDF Messenger

* When a message with attachments is converted into a PDF Messenger message, attachments in the original mail that have international characters in their names are converted to attachments on the PDF with the name "att" plus a file extension. [15659]
* PDF Messenger can now tolerate email messages with incorrect line ending characters. [16035]
* The PDF Messenger Read me first.html link now redirects correctly. [16626]
* Improved PDF Messenger handling. [16778]
* In previous releases, delivery receipts for PDF Messenger did not get logged when the message was accessed through the PGP Universal Web Messenger interface. In this release, such delivery receipts are logged. [17082]

Internationalization Improvements

* Message template text now displays correctly in Japanese. [15657]
* Improved translations for PGP Universal Web Messenger text. [16070]
* Improved German and Japanese translation in PGP Universal Web Messenger. [16070, 16328, 16779, 16780, 16959, 16960, 16962, 17999, 18000, 18314, 18492]
* Japanese text in the subject and message body is now readable for PDF Messenger on Mac OS X. [16742]
* Hebrew characters now display correctly in PDF Messenger. [17553]
* Email messages based on message templates now correctly display non-ASCII characters. [17583]
* PDF Messenger correctly delivers messages with Japanese characters in the From/To/CC/BCC fields. [17602]

Backups, Restoring Data, and Upgrades

* When restoring a backup, PGP Universal Server now checks for adequate free space before executing the restoration process. If there is not enough free space, an error message appears, stating that the backup file is not valid. [13414]
* PGP Universal Server presents an error message if the user tries to PUP update to or from an incompatible version. [13836, 15351]
* Improved the upgrade reliability of PGP Universal Server installations with large user bases. [16593]
* Improved handling of upgrades. [17498, 18365]
* Improved handling of large backup files. [17164, 17202]
* You can upgrade from previous versions using a PGP update on computers with more than 4GB of RAM, but the PGP Universal Server will not automatically restart after upgrade. Workaround: For the upgrade to take effect on computers with more than 4GB of RAM, you must manually restart them after the upgrade completes. [17717]
* Backed up data restores successfully for PGP Universal Server when installed using custom file partitions via the "expert" Boot Option. [18455]

User Interface Improvements

* Selecting more than 30 individual users from the internal user's list for export now works without error. [12623]
* System activity graph generation no longer causes errors to appear in the log file during data restoration. [12816]
* You can now sort by various fields on the Internal User screen. [15601]
* The Daily Status email and the administration console now display a larger set of alerts. [15642]
* The reporting graphs for WDE information now display the number of devices encrypted or decrypted, rather than the amount of disk space encrypted or decrypted. [16074]
* Improved tab accessibility on the Options menu on list screens in the administration console. [16396]
* Improved ADA accessibility. [16640]
* In previous releases, when an internal user policy was edited and saved, the policy would be moved to the end of the list of internal user policies, regardless of where it was in the list before saving it. In this release, when a policy is edited and saved, it remains at the same place in the list. [16830]
* In previous releases, changes made to the permissions on the 'General' tab of Desktop Policy did not persist when saved. In this release, changes to these options persist when saved. [16928]
* In previous releases, the list of external users did not sort by either the 'Last Use' or 'Usage' columns. In this release, the list of external users can be sorted by any column. [16944]
* In previous releases, the CSV file created by clicking the 'Export WDE Activity' button had formatting and consistency issues. In this release, there are no formatting or consistency issues with this report. [16967]
* In previous releases, when you entered an incorrect username for the Bind DN, an inaccurate error message displayed. In this release, the message "Cannot authenticate with the server based on the information you entered" displays when any of the information in the Bind DN does not allow authentication. [17063]

PGP Universal Server Administration

* When you restrict access to specific hosts, using SNMP and a polling server, the listed hosts are allowed as expected. In previous releases, the listed hosts were blocked. [16797]
* Improvements in PGP Universal Server logging. [16923, 16939, 16954, 17082, 17098, 17121]
* In previous releases, VMware Tools were not included with PGP Universal Server. In this release, VMware Tools are present but not enabled by default. Contact PGP Support for assistance to enable this feature. [17043]
* In previous releases, a 'service control only' administrator could not enable or disable PGP Universal Server services. In this release, a 'service control only' administrator can enable or disable services. [17057]
* Changing the time on the PGP Universal Server no longer prevents access to the keyserver. [17062]
* Improved logging on PGP Universal Server. [17226]