Windows Server 2008 R2 Thread, Offline File Encryption - outdated cert in Technical
17th May 2012, 10:57 PM #1
Offline File Encryption - outdated cert
Two days wasted on this!
Apparently someone before me upgraded one of the DCs from 2003 to 2008 R2, but left the second existing one as 2003. From what I've read, offline file encryption in XP uses a local admin account (with cert) as the decryption manager. With Win 7 it's all in Group Policy.
In 2003 a cert was issued in AD to the Administrator account for encryption. I assume on XP it was for the high level crypto stuff. This cert was only issued for a couple of years. Mine expired in 2009.
As it turns out, if the cert has expired Win 7 starts to offline your files, then gets access denied for all users on that laptop unless you format the CSC cache and turn sync off. Even if you're connected to the network, as it's still reading from the CSC cache which is encrypted, which it can't read as the cert is out of date!
Two days of head scratching later I finally figured it out. You have to delete the existing cert in GPO, then create a new one. 2008 R2 issues a 100 year cert. After that it all works.
They don't pay me enough for this crap
Last edited by Trapper; 17th May 2012 at 10:59 PM.
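An added example, not part of the original post: a PowerShell check that reports the validity window of EFS recovery agent certificates, so an expired one like the cert described above is caught before clients start encrypting their offline cache against it. It assumes each recovery agent certificate has been exported to a .cer file from the GPO's Encrypting File System policy node; the function name `Test-EfsRecoveryCert`, the `-WarnDays` threshold and the sample path are hypothetical.

```powershell
# Added example: audit exported EFS recovery agent certificates for expiry.
# Assumption: -Path points at .cer files exported from the GPO
# (Public Key Policies > Encrypting File System). Names are illustrative.
function Test-EfsRecoveryCert {
    param(
        [Parameter(Mandatory = $true)][string[]]$Path,
        [int]$WarnDays = 90,
        [datetime]$Now = (Get-Date)
    )
    $recoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # File Recovery EKU
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    foreach ($p in $Path) {
        $full = (Resolve-Path -LiteralPath $p).ProviderPath
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

        # A recovery agent certificate should carry the File Recovery EKU.
        $hasRecovery = $false
        $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
        if ($eku) {
            $match = @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $recoveryOid })
            $hasRecovery = $match.Count -gt 0
        }

        # Negative days left means NotAfter is already in the past.
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        $status = if ($Now -lt $cert.NotBefore) { 'NotYetValid' }
                  elseif ($daysLeft -lt 0)      { 'Expired' }
                  elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
                  else                          { 'OK' }

        New-Object PSObject -Property @{
            File           = $full
            Subject        = $cert.Subject
            Thumbprint     = $cert.Thumbprint
            NotBefore      = $cert.NotBefore
            NotAfter       = $cert.NotAfter
            DaysLeft       = $daysLeft
            HasRecoveryEku = $hasRecovery
            Status         = $status
        }
    }
}

# Constructed usage; the path is a placeholder for your own export:
# Test-EfsRecoveryCert -Path 'C:\Temp\efs-dra.cer' |
#     Format-List Subject, Thumbprint, NotAfter, DaysLeft, HasRecoveryEku, Status
```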