Encryption file problem

We recently moved all of our User Shared Folders from an SBS 2003 server to a 2008 R2 server.  Some of the users had encrypted data and we decrypted the data, copied to the 2008 server and then encrypted.  That all works fine.
The problem is I need to restore some files from our offsite backup that are several years old.
I found if I restore to the old SBS 2003 server the user can read.  If I restore the same files to the new server the user cannot open the files.  I did do an export of the recovery agent certs and restored on the 2008 server but the user still cannot read the files.

There must be a Cert buried somewhere that has been missed?
It would seem like we should be able to import the correct Cert onto the 2008 server so the user can read these older files.
Suggestions?
djpierce54Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ImaCircularSawTechnical LeadCommented:
Is the domain admin account able to read the files?  Are the users the same or are their SIDs different?  It could be that once recovered, the files need to have their owner accounts re-set.
0
djpierce54Author Commented:
No the Domain Admins cannot read the files.
Only the user who created and originally encrypted the file can read it.

I do not think the SID changed as the accounts are the same on the AD.  Only thing was their files were redirected to a new server.

The problem I have is that the only way to read those old files is for the owner to have them restored to the old server and then the user needs to decrypt and move to the new server and encrypt.
The old server is about to be decommisioned .  That is why I posted this question.
0
ImaCircularSawTechnical LeadCommented:
What are you using to encrypt the files?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

djpierce54Author Commented:
Each user just goes to the properties of the file or directory on their computer (like My Documents) and under the advanced option select to encrypt.
So it must use the resident server that stores these files for the encryption key.
0
ImaCircularSawTechnical LeadCommented:
Here's a paper on the issue:

http://technet.microsoft.com/en-us/library/bb457065.aspx

The certificates used for encryption are self-signed by the user but should still exist on your CA.  If that CA is the old server it would explain why you'rt unable to decrypt the files without it being online.  You should be able to copy them onto another trusted root server/CA.
0
djpierce54Author Commented:
I figured it out.  Had to use the Recovery Agent and dig out some old Certs.
The link to the KB got me on the right track
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
djpierce54Author Commented:
I had to do further investigations and testing to resolve
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.