EFS encrypted files won't open anymore

Hi,

A customer has encrypted files on a network share via efs. Nobody, including the person that encrypted the files is able to open them anymore.
The files need to be decrypted and moved to another location but nothing seems to work.
I have found the certificate but still no luck. Any help would be appreciated.
LVL 1
IT MeetjeslandAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
This could happen if the user's password was reset - was it?
If not, please do a simple checkdisk on the drive just to make sure.
If the certificate that you surely backed up does not work after this, you will have to restore the data from backups.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IT MeetjeslandAuthor Commented:
Hi McKnife,

I tried restoring the files from backup but the pdf files come empty (0kb)
0
McKnifeCommented:
Comment on the rest of the suggestions, too, please.
0
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

IT MeetjeslandAuthor Commented:
Hi McKnife,

Password has not been changed and checkdisk came out empty so don't know what to do here.
Tried to add the administrator account to the certificate to give me rights on the file but i get following error:

The revocation function was unable to check revocation because the revocation server was offline!
0
McKnifeCommented:
EFS is not known for being unstable - something must have ahppened that you are not aware of. Sorry, I could only once more advise you to use backups. If those are incomplete, you are out of luck and you could only try to break the encryption which will be time-consuming and most probably not successful.
0
Shaun VermaakTechnical Specialist IVCommented:
Domain environment with a CA? Is DRA agent configured?
0
IT MeetjeslandAuthor Commented:
Hi Shaun,

Yes all of those things. The DRA agent is the domain administrator account (who is me obviously). But when i try to decrypt it still says i have no rights to do so.
0
Shaun VermaakTechnical Specialist IVCommented:
Are you sure that these files weren't changed/encrypted by something like Ransomware?
0
IT MeetjeslandAuthor Commented:
NO, the user remembers encrypting those files last year. But now we want to move the files to another network location, they seem unaccesable, even for the person that encryped them.
I was able to recover a lot of the decrypted files from various back-ups and we are only down to 3 files now. I am able to delete them, rename them, but not to open or move them!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.