Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Server 2003 R2 slow file browsing, lots of EFS errors

Posted on 2009-05-08
10
Medium Priority
?
762 Views
Last Modified: 2012-05-06
A month ago my server started having lots of Event ID: 6032  Source EFS errors. They flood the System log then stop for a little while.

The issue we noticed is that while those erros are happening the file browsing to the shares on the server is slow.

We only have 1 person that encrypts their files and they are running Vista using NTLMV2
There were no windows updates installed just before we started getting these errors, and no other changes have been made that I can think of.

I did upgrade the system memory from 2Gb to 3 GB because it was running at 1.7GB most of the time. It helped a little bit but those errors are still comming in everyday,

This server is also the main DC for the company.

Any help is appreciated.
0
Comment
Question by:pboustani
  • 5
  • 5
10 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 24341306
Is it possible, that a service (like backup or whatever) tries to access the files, or just other users?

This may fails as only the user, who encrypted the files can decrypt them (besides the recovery agent).
0
 

Author Comment

by:pboustani
ID: 24341326
The backup runs after 6PM the errors are happening during the day, way before the backup.

The files that this one user encrypts have been like this for months with no problems. The backup never had any problem backing up the data. It is still working now.
What ever generates these EFS errors causes the server to slow down.

I cant think of anything that might have changed recently

Any other possible solutions for the event ID above?

Thanks
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24341592
Timed out certificates?

Can you see additional errors on the server?
Backup is not the only application, which accesses files (virus scanners, index service etc.).
Does this happen all the time, also the affected user is logged off?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:pboustani
ID: 24356040
The only other errors on the are
MrxSmb - Event ID 8003
The master browser has received a server announcement from the computer SERVER2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{73EA1AB4-6F45-4924-9865-D71E5AC842AF}. The master browser is stopping or an election is being forced.

DNS - Event ID 4015
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

The efs errors did not occur over the weekend, only weekdays and there is no virus scan running . It is possible they occur only when the user is reading the files. I will keep an eye on it today when they connect.

0
 
LVL 35

Expert Comment

by:Bembi
ID: 24359304
Master browser messages seem to be normal. If the master browser service is not forces to be hosted on one single machine (i.e. a server), it can flow from one machine to another. If the actual hosting machine is logged off, the master browser needs to switch to another machine. This is a general lack of windows NetBIOS.  

Second error you should keep an eye on, if this is a temproraly error due to reebotts or whatever. Should not come up regularly. Have a look here for some reasons:
http://www.eventid.net/display.asp?eventid=4015&eventno=333&source=DNS&phase=1

EFS errors: This would point me realy to a timed out certificate on the machine / user, which encrypted the files. Check the certificates for this machine / user, if they are valid. Ask your user, if he has problems accessing the files. Note, that you will run into some trouble, if a certificate times out, which is used to encrypt files. Only the recovery agent can then decrypt the files.
0
 

Author Comment

by:pboustani
ID: 24359452
She never had any problem accessing her files. But there was one occasion when all her files seemed to be corrupt. Office, Acrobat and other programs could not open them, they kept saying Encoding error, and would not display properly.
I got this problem fixed by attaching all her documents into a new email in outlook and then close the email window without sending the 200MB attachment :). This seemed to have rescanned all the headers and I was able to open her files again.

Right now I am decrypting her files to see if the errors will stop. I never liked the MS Encryption thing. I am going to use a different encryption software which works much faster.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24362801
Yerk, this sounds like a certificate is renewed with a new key and the old certificate may be still part of Outlook and still valid?

You should decrypt all the documents as fast as you can to have an unencrypted copy.

MS works fine so far, but you have to take care of the key infrastructure. If a certificate invalidates, you may loose your date. This is common to all cert based encryption methods. The other method is just to use passwords or other keys, but maybe less safe. The default settings for certificates in MS may be very short (1-2 years) so you have to make sure, the time is long enough or you have an automatic renewal procedure (policies).  

The encryption / decryption performance depends from the key-length, so if the encryption / decryption is slow, it may have something to do with the used algorithm. If you have faster solution, you can use it of course but they maybe less save. So it depends a little bit from your security needs, what is usefull or not.
0
 

Author Comment

by:pboustani
ID: 24368666
There are few certificates under Trusted people on the 2003 server, most are administrators and probably not used to encrypt the files. The one user that does encrypt the files has a certificate there as well the date is valid and it says
"This CA Root certificate is not trusted. Install it in the Trusted Root Certification Store"
Could that be the problem I am having.

To install it do I just need to copy the certificate to the above mentioned store? See image

Thanks

certificate.gif
0
 
LVL 35

Accepted Solution

by:
Bembi earned 2000 total points
ID: 24380821
Usually, you find the users or computers certificates unter personal.

Each certificate relies on a root certificate. You have to trust the root certificate. Have a look unter Certification path to find out, who has issued this certificate. The most common public issuers are within the trusted certificated folder by default.

The certificate you have found there may be a certificate, which the user has got via a signed or encrypted email. The message above means, that the issuer is not within the list of trusted root certificates or trusted issuers. As you can not see there, if the certificate is issued for encryption, I can not say if this is the certificate, which was used. Therefore I can not tell you, if moving this certificate will solve something. If you do not know the issuer, I don't think so, if you know it, it may be.

You may try to update first your root certificates:
http://www.microsoft.com/downloads/details.aspx?FamilyID=f814ec0e-ee7e-435e-99f8-20b44d4531b0&DisplayLang=en
0
 

Author Comment

by:pboustani
ID: 24397050
I have successfully decrypted all the files and the efs errors have stopped.

The path under each users is just the users own name no other root certificate exists.

I did try moving them to Trusted root certificate folder but that did not stop the errors. It did take off that message that said
"This CA Root certificate is not trusted. Install it in the Trusted Root Certification Store"
but the errors still continued.


Anyways decrypting the files got rid of the errors and I dont have too much time to spend on this.

Thanks for you help, you get the points anyways.

Cheers.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question