problem with EFS Recovery agent

philipingrandisson

4 months ago, I implemented a certificate authority on my domain and I
created one EFS Recovery Agent.

I have deployed many certificates for my users, and the EFS recovery agent
has worked fine for these months.

Today, I made a change to my "User" certificate in the security tab, I
deployed the updated template to one user, and I tested the recovery
of encrypted data with my original "EFS recovery agent" certificate. Now, I'm
unable to recover files with this certificate... Why??? I need to know why my
EFS Recovery Certificate does not work after the change. (The only thing I
changed was to enable autoenrollment for this user.)

For security, I need to have a functional EFS Recovery Agent.

Thanks.
 
Paul Adare

On Mon, 10 Dec 2007 13:03:01 -0800, philipingrandisson wrote:

> 4 months ago, I implemented a certificate authority on my domain and I
> created one EFS Recovery Agent.
>
> I have deployed many certificates for my users, and the EFS recovery agent
> has worked fine for these months.
>
> Today, I made a change to my "User" certificate in the security tab, I
> deployed the updated template to one user, and I tested the recovery
> of encrypted data with my original "EFS recovery agent" certificate. Now, I'm
> unable to recover files with this certificate... Why??? I need to know why my
> EFS Recovery Certificate does not work after the change. (The only thing I
> changed was to enable autoenrollment for this user.)


First thing I'd check would be to make sure that the certificate from the
CA was the one actually used to encrypt the file. My guess would be that it
wasn't.


--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Downtime: Coffee breaks, lunch, or Friday mentality in the office.
 
philipingrandisson

Yes, the certificate was issued by the CA and not by the local OS...

 
Brian Komar

Did you run EFSINFO?
Did you verify that the certificate you think is the EFS Recovery agent has
the same thumbprint as the output states?
Do you have the private key associated with the certificate?

It is really basics.
Brian

 
philipingrandisson

If I run EFSINFO /R, I get the message "No efs recovery agent is found".
How do I check if my 2 certificates have the same thumbprint?
Yes, I have the private key with my certificate.

thanks.

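The checks suggested in this thread (is the recovery agent's thumbprint the one recorded on the file, and is its private key present) can be scripted as below. This is an added example, not code posted by anyone in the thread; the report text and thumbprints are constructed, and the report layout is an assumption modelled on what `cipher /c` prints for an encrypted file.

```powershell
# Constructed sample report; the layout is an assumption, so adjust the
# patterns below to what your tool actually prints.
$report = @'
E secret.docx
  Users who can decrypt:
    CONTOSO\alice [alice(alice@contoso.example)]
    Certificate thumbprint: 11AA 22BB 33CC 44DD 55EE 66FF 7788 9900 AABB CCDD
  Recovery Certificates:
    CONTOSO\dra [dra(dra@contoso.example)]
    Certificate thumbprint: 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567
'@

function ConvertTo-NormalizedThumbprint([string]$Text) {
    # Keep hex digits only, so "01 23 ab" and "0123AB" compare equal.
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Get-RecoveryThumbprint([string]$Report) {
    # Return only the thumbprints listed in the recovery section.
    $inRecovery = $false
    foreach ($line in $Report -split "`r?`n") {
        if ($line -match '^\s*Recovery Certificates?\s*:') { $inRecovery = $true; continue }
        if ($line -match '^\s*Users who can decrypt\s*:') { $inRecovery = $false; continue }
        if ($inRecovery -and $line -match 'thumbprint\s*:\s*(.+)$') {
            ConvertTo-NormalizedThumbprint $Matches[1]
        }
    }
}

function Test-RecoveryCertificate($Certificates, [string]$Report) {
    # An empty $wanted means the file lists no recovery agent at all.
    $wanted = @(Get-RecoveryThumbprint $Report)
    foreach ($cert in $Certificates) {
        $tp = ConvertTo-NormalizedThumbprint $cert.Thumbprint
        [pscustomobject]@{
            Thumbprint    = $tp
            ListedOnFile  = $wanted -contains $tp
            HasPrivateKey = [bool]$cert.HasPrivateKey
            CanRecover    = ($wanted -contains $tp) -and [bool]$cert.HasPrivateKey
        }
    }
}

# Constructed stand-ins; on a real machine pass (Get-ChildItem Cert:\CurrentUser\My).
$candidates = @(
    [pscustomobject]@{ Thumbprint = '0123456789abcdef0123456789abcdef01234567'; HasPrivateKey = $true },
    [pscustomobject]@{ Thumbprint = 'ffeeddccbbaa00998877665544332211ffeeddcc'; HasPrivateKey = $true }
)
Test-RecoveryCertificate $candidates $report | Format-Table -AutoSize
```

A certificate can recover the file only when both `ListedOnFile` and `HasPrivateKey` are true; if no row is listed on the file, the file was encrypted without that recovery agent in effect.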
 