Could anyone running Mobile Windows Device encryption please check on what admin rights they have set against the account running the PDA server service? We're on SafeBoot 5.1.2 but hopefully something like this will have barely changed between nearby versions, in case the account is compromised (obviously locally cached account running as a service).
For our DB server service the account has a privilege level of just 1 and the only right to start a the service under the systems group. The only success I've had for the PDA service is running it with all options ticked under 'PocketPC Devices' and 'PDA Servers' too. Consequently I also have the privilege access set at 2, I've tried a few likely minimum rights but I haven't hit the right combination without ticking them all.