Solved

EFS problems on Windows Server 2003

Posted on 2008-06-13
Last Modified: 2008-07-15
I have EFS running in a Windows Server 2003 R2 domain environment.  Certificate services is working correctly and is issuing certificates to users that can be used for file encryption and smart card logon.  The Basic EFS, User and Smart Card logon templates have been disabled and a new single template created.

EFS on Vista workstations works correctly.  The users' certificates are roaming between workstations and files can be encrypted on the local machine - the correct recovery agents are added to the files.

However, when a user attempts to encrypt a file stored on a Windows Server 2003 server the encryption fails with the error message - "the window cannot act on the sent message".  If I allow EFS to create a self-signed certificate for the user then the encryption works - but this obviously isn't useful.

So the question is - why can't the file servers locate a user's certificate which is stored in AD in order to encrypt the file?

Question by:-DJL-
LVL 6

Expert Comment

by:JapyDooge
ID: 21779847
Does it give some kind of an error code?

"the window cannot act on the sent message" is a default Windows system error code, and not very specific. More symptoms maybe?
0
 
LVL 6

Author Comment

by:-DJL-
ID: 21780492
Hi

No - there's no other information.  Nothing is logged in the server or workstation event logs either.  Do you know if EFS has log files anywhere?
0
 
LVL 6

Expert Comment

by:JapyDooge
ID: 21784876
That's really strange, I think your best chance is contacting Microsoft or, if they are OEM licences, your software vendor. EFS really can be a bitch.

Good luck man, I can't help you on this.
0
 
LVL 3

Expert Comment

by:Gssc1414
ID: 21799670
DJL,

I'm assuming you have set the computer account of the Server to be "trusted for delegation"? I believe this is a setting needed to allow users to encrypt files on another PC (shared directory). The setting I'm referring to is in Active Directory Users and Computers, under the computer account for the server in which your shared directory resides.

Let me know if this helps at all.
0
 
LVL 6

Accepted Solution

by:
-DJL- earned 0 total points
ID: 21809205
Thanks for all the comments.

I was using the Smart Card certificate template - which looking more closely says it can't be used for encryption....although it works fine with EFS on Vista/2k8, but not on 2003/XP.

Now I just have to work out how you can get a smart card to both log the user on and encrypt files.

I remember now why I left EFS alone last time.
0
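
The accepted solution traces the failure to a certificate template that does not permit encryption. As an added example (not part of the original thread), this PowerShell sketch lists the certificates in the current user's Personal store and reports whether each one allows key encipherment and carries the Encrypting File System EKU. The function name `Test-EfsCertificate` and the `EfsCandidate` column are hypothetical; the two OIDs are the standard Microsoft EKU identifiers, and treating a missing Key Usage or EKU extension as "unrestricted" is an assumption of this check.

```powershell
# Added example: report whether each certificate in the current user's
# Personal store looks usable for EFS, judged by Key Usage and EKU.
$EfsEku            = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System
$SmartCardLogonEku = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon

function Test-EfsCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $ekus = @()
        $keyUsage = $null   # stays $null when there is no Key Usage extension
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekus += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
            elseif ($ext -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]) {
                $keyUsage = $ext.KeyUsages
            }
        }
        $encipher = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
        # Assumption: no Key Usage extension means the key is not usage-restricted
        $canEncipher = ($null -eq $keyUsage) -or (([int]$keyUsage -band [int]$encipher) -ne 0)
        # Assumption: no EKU extension means the certificate is valid for all purposes
        $efsAllowed = ($ekus.Count -eq 0) -or ($ekus -contains $EfsEku)

        [pscustomobject]@{
            Subject         = $Certificate.Subject
            Thumbprint      = $Certificate.Thumbprint
            HasPrivateKey   = $Certificate.HasPrivateKey
            KeyEncipherment = $canEncipher
            EfsEku          = $efsAllowed
            SmartCardLogon  = ($ekus -contains $SmartCardLogonEku)
            # A candidate needs a private key, encipherment rights and an EFS-capable EKU
            EfsCandidate    = ($Certificate.HasPrivateKey -and $canEncipher -and $efsAllowed)
        }
    }
}

Get-ChildItem Cert:\CurrentUser\My | Test-EfsCertificate | Format-Table -AutoSize
```

Run it as the affected user; a smart card logon certificate that shows `KeyEncipherment` or `EfsEku` as False matches the template restriction described in the accepted solution.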
