Guest tuennes
Posted January 26, 2009

Hello,

I'm just testing my Windows PKI before going live. I encrypted a folder and exported my EFS cert incl. the private key. Then I deleted the cert in my local cert store. After a new login I cannot open my encrypted file. Then I installed my exported certificate - but after a new login I still cannot open the encrypted file.

I tried efsinfo and got this result:

D:\efs-tp>efsinfo /c

D:\efs-tp\

LOGA Word-Auswertungen.rtf: Encrypted
Users who can decrypt:
QSCZENTRALE\tp (Thomas Paul(tp@qsc.de))
Certificate thumbprint: 4687 94D3 39DA 199E BD32 F391 D0A0 E96B 63E4 6FEB

D:\efs-tp>efsinfo /y

Your current EFS certificate thumbnail information on the PC named WS539 is:

4687 94D3 39DA 199E BD32 F391 D0A0 E96B 63E4 6FEB

Looks good - but it doesn't work this way. Any ideas? Where to look?

I work in a W2K3 SP2 domain with Win XP SP3 clients.

Regards

Thomas Paul

Guest Brian Komar (MVP)
Posted January 26, 2009

The key is to ignore the user names entirely, and only look at the certificate thumbprints.

Ensure that:
1) The thumbprint in the EFSINFO /c output matches the thumbprint of the EFS certificate you have in your profile
2) Ensure that you have the private key associated with the certificate.

This should work at all times

Brian

"tuennes" <tuennes@discussions.microsoft.com> wrote in message news:F54205B0-D35D-46CB-8D69-ACA310005087@microsoft.com...
> Hello,
>
> I'm just testing my Windows PKI before going Live. I encrypted a folder,
> export my efs cert incl. the private key. Then I delete the cert in my
> local cert store. After a new login i cannot open my encrypted file. Then I
> install my exported certificate - but after a new login i always cannot open the
> encrypted file.
>
> I try efsinfo and get this result:
>
> D:\efs-tp>efsinfo /c
>
> D:\efs-tp\
>
> LOGA Word-Auswertungen.rtf: Encrypted
> Users who can decrypt:
> QSCZENTRALE\tp (Thomas Paul(tp@qsc.de))
> Certificate thumbprint: 4687 94D3 39DA 199E BD32 F391 D0A0 E96B 63E4 6FEB
>
> D:\efs-tp>efsinfo /y
>
> Your current EFS certificate thumbnail information on the PC named WS539 is:
>
> 4687 94D3 39DA 199E BD32 F391 D0A0 E96B 63E4 6FEB
>
> Looks good - but it doesn't work this way. Any ideas? Where to look?
>
> I work in a W2K3 SP2 Domain with Win XP SP3 Clients.
>
> Regards
>
> Thomas Paul
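
The two checks in the reply above can be scripted against the current user's certificate store. This PowerShell is an added example, not part of the original posts: the function name Test-EfsCertificate is hypothetical, and the enhanced key usage check is an extra step beyond the two checks listed in the reply.

```powershell
# Added example. Thumbprint as printed by "efsinfo /c" in the thread above.
$efsinfoThumbprint = '4687 94D3 39DA 199E BD32 F391 D0A0 E96B 63E4 6FEB'
# OID of the Encrypting File System enhanced key usage.
$efsEkuOid = '1.3.6.1.4.1.311.10.3.4'

function Test-EfsCertificate {   # hypothetical helper name
    param([string]$Thumbprint)

    # efsinfo prints the hash in space-separated groups; the store does not.
    $wanted = ($Thumbprint -replace '\s', '').ToUpper()

    # Check 1: a certificate with this thumbprint exists in the user's profile.
    $cert = Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $wanted }
    if (-not $cert) {
        return "FAIL: no certificate $wanted in CurrentUser\My"
    }

    # Check 2: the store entry must be linked to a private key. A certificate
    # imported without its key appears in the store but cannot decrypt files.
    if (-not $cert.HasPrivateKey) {
        return "FAIL: certificate found, but no private key is associated"
    }

    # Extra check (assumption of this example): if the certificate carries an
    # EKU extension, that extension must list the EFS OID.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $efsEkuOid) {
            return "FAIL: EKU extension present but does not list EFS"
        }
    }

    return "OK: thumbprint matches, private key present"
}

Test-EfsCertificate -Thumbprint $efsinfoThumbprint
```

Run it in the session of the user who owns the encrypted file, since Cert:\CurrentUser\My is per-profile.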

Guest tuennes
Posted January 29, 2009

Hello Brian,

thanks for your comment. My problem is: efsinfo /c shows the certificate thumbnail information which I need to open / encrypt the file. efsinfo /y displays my current EFS certificate thumbnail. And both are the same. But it doesn't work. I can't encrypt the file. Another user tried this with the same result. Strange behaviour. Any idea where I can find an error log? On the local system I get no error when I try to encrypt the file.

Point 2) Before I deleted my EFS cert I made a backup including the private key. After restore in my cert store everything looks fine.

Regards

Thomas

"Brian Komar (MVP)" wrote:
> The key is to ignore the user names entirely, and only look at the
> certificate thumbprints.
> Ensure that:
> 1) The thumbprint in the EFSINFO /c output matches the thumbprint of the EFS
> certificate you have in your profile
> 2) Ensure that you have the private key associated with the certificate.
>
> This should work at all times
> Brian