Replaced EFS DRA. Some machines get Access Denied
We have a DRA certificate on our certificate server. This server is applied to the domain using group policy. Recently, our DRA certificate expired. The admin account for which this certificate had been created is no longer a valid account. Therefore, we could not renew the certificate. Additionally, we have all My Document folders redirected to a central server with all local copies of My Documents being encrypted with EFS. Once the DRA certificate expired, all the Vista installations began having "Access Denied" errors when trying to open documents created or modified after the DRA certificate's expiration. The XP installations had no issues. We created a new certificate for an account which will never be invalid. We applied that certificate through group policy. This fixed the problem with 98% of the Vista installations. A handful of Vista installations would not accept the new certificate and continued to have "Access Denied" errors. We tried forcing updates to GP. We tried rebuilding the user's profiles on those machines. The only thing that worked was a complete rebuild of the machine. Rebuilding was fine on the initial group that had standard installs. We have a user with a significant degree of customization. We would prefer a solution that would not require a rebuild for him. We would appreciate any insights from the forum. Thanks, Keith
March 29th, 2010 8:09pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics