EFS Recovery Problem
Dears, I have deployed a 2-tier CA and everything is running OK. The only problem occurred in the testing phase when I deleted the personal certificate that the user used to encrypt a file, and recovered the certificate using the Key Recovery Agent with these command lines:
1- certutil -getkey "Certificate Serial Number" C:\test\Cert.P7b
2- certutil -p "P@$$w0rd" -recoverkey c:\Test\Cert.p7b c:\test\New.pfx
After importing the certificate on Windows XP everything runs OK and the user can access the encrypted file. Running the same scenario on Windows 7, I get "Access is denied". Any suggestions? Thanks.
June 8th, 2011 12:49pm

I believe you're using the command prompt for these actions, so I have to ask: are you opening the command prompt with elevated privileges (i.e. right-click and open as administrator)? Even if you're that system's admin, you must open the command prompt in that manner. That is about all the help I can be on this issue, sorry.
Please remember to flag a post that helps you as "answer" so that it may help others with the same problems.
June 8th, 2011 7:30pm

Hi, I would like to advise that you must use the administrator which creates the Recovery Agent to decrypt the files. You may refer to the following link. http://technet.microsoft.com/en-us/library/cc512680.aspx Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 10th, 2011 11:41am

Dears, thanks for your advice, but this is typically what I do. I really can recover the certificate, but when I import it on the client computer I can read the encrypted files and get the message "Access is denied", and even when I try to encrypt a new file I get another error stating that "The parameter is incorrect". Note that I reviewed both the thumbprint and the serial number of both certificates (the one I deleted from the personal store, and the other that I recovered from the CA database and imported back on the client computer); both are the same and marked as "have a private key". Also note that I tried this on a Windows XP client and the test passed without any errors; this problem only occurs on Windows 7 clients (I tested this on Windows 7 Enterprise and Professional editions). Please advise.
June 13th, 2011 11:42am

We have the same issue in a production environment. Any suggestions will be appreciated, as it's a business-critical case.
June 15th, 2011 1:51pm

Hi, please try to add the certificate to the computer manually. Also, please refer to this similar thread: http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/2b95f0b0-b98c-4d6a-9ba1-13e9e2cf2149/ Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 20th, 2011 12:37pm

While I imagine you have most likely figured out the issue by now, I figured I'd step in and say something about encrypted files on a computer (yes, I've learned a bit since my last post in this forum subject). When a person encrypts a file on the system and you need to have the ability to read that same file, all you have to do is set up an encrypted file under your profile. This will cause the computer to issue you a certificate for that encrypted file. Once this has happened, the user of the other file needs to import/add your certificate to their encrypted file in order for you to have full access to it. Hope this helps anyone in the future that reads this post.
Please remember to flag a post that helps you as "answer" so that it may help others with the same problems.
August 16th, 2011 11:27am
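
The checks the original poster describes doing by hand (matching thumbprint, "has a private key"), plus a comparison against the thumbprints stored on the encrypted file itself, as an added PowerShell example that is not from any post in this thread. The file path and thumbprint are placeholders, and the parsing assumes `cipher /c` prints each thumbprint as ten groups of four hex digits.

```powershell
# Added example. Run as the affected user after importing New.pfx.
# Both parameter defaults are placeholders, not values from the thread.
param(
    [string]$EncryptedFile = 'C:\test\encrypted.txt',        # hypothetical EFS file
    [string]$Thumbprint    = '<RECOVERED-CERT-THUMBPRINT>'   # placeholder
)

$efsEku = '1.3.6.1.4.1.311.10.3.4'        # Encrypting File System EKU OID
$want   = ($Thumbprint -replace '\s', '').ToUpper()

# 1. Is the recovered certificate in the user's Personal store?
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $want }
if (-not $cert) { throw "Certificate $want is not in Cert:\CurrentUser\My" }

# 2. Does it claim a private key, and is it usable for EFS?
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekus = @()
if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
# No EKU extension means the certificate is not restricted to specific purposes.
$allowsEfs = (-not $ekuExt) -or ($ekus -contains $efsEku)
Write-Output ("Serial        : {0}" -f $cert.SerialNumber)
Write-Output ("HasPrivateKey : {0}" -f $cert.HasPrivateKey)
Write-Output ("Allows EFS    : {0}" -f $allowsEfs)
Write-Output ("Expires       : {0}" -f $cert.NotAfter)

# 3. HasPrivateKey only reflects store metadata; try to open the key itself.
#    Keys held by a CNG provider throw here on older .NET versions, which
#    does not by itself mean the key is missing.
try {
    $null = $cert.PrivateKey
    Write-Output "Key container : opened"
} catch {
    Write-Output ("Key container : FAILED - {0}" -f $_.Exception.Message)
}

# 4. Which certificates can decrypt this file? cipher /c lists the thumbprints
#    stored on the file for users and for recovery agents.
$onFile = @(cipher /c $EncryptedFile |
    Select-String -Pattern '(?:[0-9A-Fa-f]{4}\s?){10}' |
    ForEach-Object { ($_.Matches[0].Value -replace '\s', '').ToUpper() })
if ($onFile -contains $want) {
    Write-Output "File lists the recovered certificate as able to decrypt."
} else {
    Write-Output ("File does NOT list {0}. Listed: {1}" -f $want, ($onFile -join ', '))
}
```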

This topic is archived. No further replies will be accepted.
