EFS blocking users from accessing their encrypted files

Discussion in 'Server Migration' started by M Skabialka, Jun 6, 2007.

  1. M Skabialka

    M Skabialka Guest

    When we upgraded the server from Server 2000 to 2003 there were some user
    documents that were encrypted (not sure if before or after the upgrade).
    The users are now unable to decrypt the files, copy or even read them, and
    even though I took ownership of one of the files (as a test) as the domain
    admin, neither can I.
    The error message when trying to decrypt is: "An error occurred applying
    attributes to the file: \\XXX\xxx\file.doc. This machine is disabled for
    file encryption."
    When trying to copy: "Cannot copy file.doc: Access is denied. Make sure
    that the disk is not full or write-protected and that the file is not
    currently in use."
    NTBackup does not back the encrypted files up, saying they are in use, which
    they aren't. "Warning: The file \Documents and Settings\ABC\My
    Documents\file.doc in use - skipped."
    Under file properties, general, Attributes, Advanced, Encrypt contents to
    secure data is checked, but when I click Details, A window titled EFSADU
    pops up saying "Unable to find the user information for the file." and the
    option to add users is grayed out. No data recovery agents are listed.
    We have tried turning encryption on and off on the server and rebooting each
    time but nothing works. The users is on Win XP Pro, where encryption works.
    How can we solve this problem?

    Thanks,
    Mich
     
    M Skabialka, Jun 6, 2007
    #1
    1. Advertisements

  2. Hello Mich,

    Thank you for using newsgroup!

    From your post, it seems you have upgraded to Windows Server 2003 before
    you backup the EFS encrypted files. I suspect there is no way to recover.
    Maybe the following information is helpful:

    You may use the reccerts utility to retrieve the user's certificate and
    Private key from a profile backup if the backup profile exists.

    reccerts.exe -path:<profile path> -password:<password>

    Encrypted file system recovery
    http://www.beginningtoseethelight.org/efsrecovery/

    Note: This response contains a reference to a third party World Wide Web
    site. Microsoft is providing this information as a convenience to you.
    Microsoft does not control these sites and has not tested any software or
    information found on these sites; therefore, Microsoft cannot make any
    representations regarding the quality, safety, or suitability of any
    software or information found there. There are inherent dangers in the use
    of any software found on the Internet, and Microsoft cautions you to make
    sure that you completely understand the risk before retrieving any software
    from the Internet.

    Related Article:
    223316: Best practices for the Encrypting File System
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.




    --------------------
    | From: "M Skabialka" <>
    | Subject: EFS blocking users from accessing their encrypted files
    | Date: Wed, 6 Jun 2007 09:33:56 -0500
    | Lines: 26
    | X-Priority: 3
    | X-MSMail-Priority: Normal
    | X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
    | X-RFC2646: Format=Flowed; Original
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
    | Message-ID: <>
    | Newsgroups:
    microsoft.public.windows.server.setup,microsoft.public.windows.server.migrat
    ion,microsoft.public.windows.server.security
    | NNTP-Posting-Host: drc19232003.drc.com 192.173.12.3
    | Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl
    microsoft.public.windows.server.migration:1301
    microsoft.public.windows.server.security:1471
    microsoft.public.windows.server.setup:1811
    | X-Tomcat-NG: microsoft.public.windows.server.migration
    |
    | When we upgraded the server from Server 2000 to 2003 there were some user
    | documents that were encrypted (not sure if before or after the upgrade).
    | The users are now unable to decrypt the files, copy or even read them,
    and
    | even though I took ownership of one of the files (as a test) as the
    domain
    | admin, neither can I.
    | The error message when trying to decrypt is: "An error occurred applying
    | attributes to the file: \\XXX\xxx\file.doc. This machine is disabled for
    | file encryption."
    | When trying to copy: "Cannot copy file.doc: Access is denied. Make sure
    | that the disk is not full or write-protected and that the file is not
    | currently in use."
    | NTBackup does not back the encrypted files up, saying they are in use,
    which
    | they aren't. "Warning: The file \Documents and Settings\ABC\My
    | Documents\file.doc in use - skipped."
    | Under file properties, general, Attributes, Advanced, Encrypt contents to
    | secure data is checked, but when I click Details, A window titled EFSADU
    | pops up saying "Unable to find the user information for the file." and
    the
    | option to add users is grayed out. No data recovery agents are listed.
    | We have tried turning encryption on and off on the server and rebooting
    each
    | time but nothing works. The users is on Win XP Pro, where encryption
    works.
    | How can we solve this problem?
    |
    | Thanks,
    | Mich
    |
    |
    |
     
    Ken Zhao [MSFT], Jun 7, 2007
    #2
    1. Advertisements

  3. M Skabialka

    M Skabialka Guest

    Our HQ IT wizards were able to follow your links and find some attributes
    not assigned, which caused the encryption/decryption problems. Whatever it
    was, they were able to fix it! Thanks for your help!

    Mich

     
    M Skabialka, Jun 8, 2007
    #3
  4. Hi Mich,

    Thanks for your response and glad to hear that your HQ IT wizards were able
    to fix it.

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.




    --------------------
    | From: "M Skabialka" <>
    | References: <>
    <>
    | Subject: Re: EFS blocking users from accessing their encrypted files
    | Date: Fri, 8 Jun 2007 11:53:41 -0500
    | Lines: 119
    | X-Priority: 3
    | X-MSMail-Priority: Normal
    | X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
    | X-RFC2646: Format=Flowed; Original
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
    | Message-ID: <#>
    | Newsgroups: microsoft.public.windows.server.migration
    | NNTP-Posting-Host: drc19232003.drc.com 192.173.12.3
    | Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl
    microsoft.public.windows.server.migration:1308
    | X-Tomcat-NG: microsoft.public.windows.server.migration
    |
    | Our HQ IT wizards were able to follow your links and find some attributes
    | not assigned, which caused the encryption/decryption problems. Whatever
    it
    | was, they were able to fix it! Thanks for your help!
    |
    | Mich
    |
    | | > Hello Mich,
    | >
    | > Thank you for using newsgroup!
    | >
    | > From your post, it seems you have upgraded to Windows Server 2003 before
    | > you backup the EFS encrypted files. I suspect there is no way to
    recover.
    | > Maybe the following information is helpful:
    | >
    | > You may use the reccerts utility to retrieve the user's certificate and
    | > Private key from a profile backup if the backup profile exists.
    | >
    | > reccerts.exe -path:<profile path> -password:<password>
    | >
    | > Encrypted file system recovery
    | > http://www.beginningtoseethelight.org/efsrecovery/
    | >
    | > Note: This response contains a reference to a third party World Wide Web
    | > site. Microsoft is providing this information as a convenience to you.
    | > Microsoft does not control these sites and has not tested any software
    or
    | > information found on these sites; therefore, Microsoft cannot make any
    | > representations regarding the quality, safety, or suitability of any
    | > software or information found there. There are inherent dangers in the
    use
    | > of any software found on the Internet, and Microsoft cautions you to
    make
    | > sure that you completely understand the risk before retrieving any
    | > software
    | > from the Internet.
    | >
    | > Related Article:
    | > 223316: Best practices for the Encrypting File System
    | > http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
    | >
    | > Thanks & Regards,
    | >
    | > Ken Zhao
    | >
    | > Microsoft Online Support
    | > Microsoft Global Technical Support Center
    | >
    | > Get Secure! - www.microsoft.com/security
    | > <http://www.microsoft.com/security>
    | > ====================================================
    | > When responding to posts, please "Reply to Group" via your newsreader so
    | > that others may learn and benefit from your issue.
    | > ====================================================
    | > This posting is provided "AS IS" with no warranties, and confers no
    | > rights.
    | >
    | >
    | >
    | >
    | > --------------------
    | > | From: "M Skabialka" <>
    | > | Subject: EFS blocking users from accessing their encrypted files
    | > | Date: Wed, 6 Jun 2007 09:33:56 -0500
    | > | Lines: 26
    | > | X-Priority: 3
    | > | X-MSMail-Priority: Normal
    | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
    | > | X-RFC2646: Format=Flowed; Original
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
    | > | Message-ID: <>
    | > | Newsgroups:
    | >
    microsoft.public.windows.server.setup,microsoft.public.windows.server.migrat
    | > ion,microsoft.public.windows.server.security
    | > | NNTP-Posting-Host: drc19232003.drc.com 192.173.12.3
    | > | Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
    | > | Xref: TK2MSFTNGHUB02.phx.gbl
    | > microsoft.public.windows.server.migration:1301
    | > microsoft.public.windows.server.security:1471
    | > microsoft.public.windows.server.setup:1811
    | > | X-Tomcat-NG: microsoft.public.windows.server.migration
    | > |
    | > | When we upgraded the server from Server 2000 to 2003 there were some
    | > user
    | > | documents that were encrypted (not sure if before or after the
    upgrade).
    | > | The users are now unable to decrypt the files, copy or even read them,
    | > and
    | > | even though I took ownership of one of the files (as a test) as the
    | > domain
    | > | admin, neither can I.
    | > | The error message when trying to decrypt is: "An error occurred
    applying
    | > | attributes to the file: \\XXX\xxx\file.doc. This machine is disabled
    | > for
    | > | file encryption."
    | > | When trying to copy: "Cannot copy file.doc: Access is denied. Make
    sure
    | > | that the disk is not full or write-protected and that the file is not
    | > | currently in use."
    | > | NTBackup does not back the encrypted files up, saying they are in use,
    | > which
    | > | they aren't. "Warning: The file \Documents and Settings\ABC\My
    | > | Documents\file.doc in use - skipped."
    | > | Under file properties, general, Attributes, Advanced, Encrypt
    contents
    | > to
    | > | secure data is checked, but when I click Details, A window titled
    EFSADU
    | > | pops up saying "Unable to find the user information for the file." and
    | > the
    | > | option to add users is grayed out. No data recovery agents are
    listed.
    | > | We have tried turning encryption on and off on the server and
    rebooting
    | > each
    | > | time but nothing works. The users is on Win XP Pro, where encryption
    | > works.
    | > | How can we solve this problem?
    | > |
    | > | Thanks,
    | > | Mich
    | > |
    | > |
    | > |
    | >
    |
    |
    |
     
    Ken Zhao [MSFT], Jun 11, 2007
    #4
  5. M Skabialka

    StuartH Guest

    Have you tried running EFSINFO (support tool) to see what shows up on the
    folder ?
     
    StuartH, Jun 20, 2007
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.