RE: Recovery agent for EFS, how can i get it done PLEASE HELP

How are you requesting the Cert?


"XP_2600" wrote:

>
> Savy95 you helped me alot man, now i fixed the problem and there is just a
> little problem im asking about it just to know is it a bug or not, admin can
> request cert normally now but my account which is member of both local and
> enterprise admins still cant request cert everytime i request i get this
> "---------------------------
> Certificate Request Wizard
> ---------------------------
> The certificate cannot be installed because of one or more of the following
> conditions:
> - There is a problem with your cryptographic hardware.
> - The cryptographic service provider (CSP) that created the request is
> malfunctioning.
> The error was: Keyset does not exist
> ---------------------------
> OK
> ---------------------------" the other accounts can request certs normally,
> any ideas ? thanks again man for help
> "savvy95" wrote:
>
> > On 2000, this can be accomplished:
> > A. Login as Local Administrator (not Domain)
> > B. Run mmc
> > C. Add the snap-in certificates
> > D. Go to personal; find cert for EFS
> > if not there, then close mmc, encrypt a file then decrypt
> > file, then repeat steps A-D)
> > E. Right click cert and export to floppy. DON'T Export key
> > F. Login with user credentials; run mmc; add snap-in certificates; go
> > to Personal
> > G. Right click right pane(in the white area or go to actions) and
> > choose import certificate
> >
> > On 2003
> > A. Administrators automatically have decryption rights or follow above
> > steps
> >
> > You can also check out:
> > http://www.microsoft.com/windows2000/techinfo/planning/security/efssteps.asp
> >
> > "XP_2600" wrote:
> >
> > > Guys i need your help, i have a windows 2003 server entrprise (upgraded from
> > > Windows 2000 advanced server sometime ago) i noticed that an employee
> > > encrypted some files and that wasnt allowed ( i didnt moved the allow
> > > encrypting files from the GP :( ) anyway i logged with the administrator
> > > which suppose to be able to recover the encypted files but its didnt do it,
> > > anyway i decrypt the files using the user account, but now i wanna add a
> > > reliable recovery agent, everytime i choose an account to be a recover agent
> > > (an account from domain administrators) i get this error "Add Recovery Agent
> > > ---------------------------
> > > The selected user has no certificates suitable for Encrypted File System
> > > Recovery and cannot be added as a recovery agent.
> > > Select another user.
> > > ---------------------------
> > > OK
> > > ---------------------------"
> > > i tried to install CA and then i tried to request certificate but i get this
> > > error "---------------------------
> > > Certificate Request Wizard
> > > ---------------------------
> > > The certificate cannot be installed because of one or more of the following
> > > conditions:
> > > - There is a problem with your cryptographic hardware.
> > > - The cryptographic service provider (CSP) that created the request is
> > > malfunctioning.
> > > The error was: Keyset does not exist
> > > ---------------------------
> > > OK
> > > ---------------------------"
> > >
> > > even if i see in the CA that the certificate has been issued and there is no
> > > faild certificates, i tried to skip this thing too and export the user
> > > certificate and then use it as recovery agent instead of choosing user name
> > > its success but the user who suppose to be recovery agent couldnt recover
> > > files too, i think he could recover folders only or at least thats whats
> > > happend with me
> > >
> > > When i tried to choose create recovery agent i got this error:
> > > "---------------------------
> > > Public Key Policies
> > > ---------------------------
> > > Windows cannot create a data recovery agent. Keyset does not exist
> > > ---------------------------
> > > OK
> > > ---------------------------"
> > > I know its complex and long post but please try to help me, thanks so much
> > >
> > >
> > >
.

Relevant Pages

  • Re: Unable to install Godaddy cert on SBS R2 Standard box
    ... I recently bought a ten year Turbo SSL cert, but I want to rebuild my server ... "Please create a new request,and request for a new certificate from ... Godaddy(issue a new certificate),then install the new certificate. ...
    (microsoft.public.windows.server.sbs)
  • RE: Recovery agent for EFS, how can i get it done PLEASE HELP
    ... enterprise admins still cant request cert everytime i request i get this ... The certificate cannot be installed because of one or more of the following ... >> Recovery and cannot be added as a recovery agent. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Wireless connection problem from XP Pro SP2 to SBS 2003
    ... I go to request a certificate. ... I went ahead and requested a User cert, ... This computer can connect to other wireless networks without problems. ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to install Godaddy cert on SBS R2 Standard box
    ... That is was why I started to install the Turbo cert. ... "Please create a new request,and request for a new certificate from ... Godaddy(issue a new certificate),then install the new certificate. ...
    (microsoft.public.windows.server.sbs)
  • RE: Recovery agent for EFS, how can i get it done PLEASE HELP
    ... What type of cert do you want? ... simply have the user encrypt a ... > request new certificate and then i choose the template, ... > Certificate Request Wizard ...
    (microsoft.public.windows.server.active_directory)