If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Access Denied after Encrypting Offline Cache
I have enabled the Group Policy setting to encrypt the offline file cache and
I am getting the following errors in the Application event log: Event Type: Error Event Source: Offline Files Event Category: None Event ID: 18 Date: 05/08/2009 Time: 15:09:31 User: N/A Computer: PC-007183 Description: Encryption of the Offline Files cache failed with error 5. File: filename removed Access is denied. This is occuring on all PCs where this policy is applied. I've not been able to find any other posts refering to this problem. Is anyone able to help? Regards, Robin |
Ads |
#2
|
|||
|
|||
Access Denied after Encrypting Offline Cache
One thing to check is that EFS encryption is enabled [or not disabled] in
the domain. Try to manually use EFS on a test folder/file on one of the computers in question to see if that can be done or not. If not then most likely it is disabled in some domain GPO under computer configuration\windows settings\computer settings\public key policies\encrypted file system [gpresult/rsop.msc may help track that down]. You can encrypt a folder with EFS via it's properties - advanced. Steve "Robin Hearne" wrote in message ... I have enabled the Group Policy setting to encrypt the offline file cache and I am getting the following errors in the Application event log: Event Type: Error Event Source: Offline Files Event Category: None Event ID: 18 Date: 05/08/2009 Time: 15:09:31 User: N/A Computer: PC-007183 Description: Encryption of the Offline Files cache failed with error 5. File: filename removed Access is denied. This is occuring on all PCs where this policy is applied. I've not been able to find any other posts refering to this problem. Is anyone able to help? Regards, Robin |
#3
|
|||
|
|||
Access Denied after Encrypting Offline Cache
If I try to manually encypt a test folder in the root of C:\ I get the
following error: 'Recovery policy configured for this system contains invailid recovery certificate' However, if I create a test folder in the Windows directory and try to encrypt that then I get an 'Access Denied' error Robin P.S. I'm hoping that it's not neccessary to create a recovery certificate as it's only the offline copies that are to be encypted. "Old Rookie" wrote: One thing to check is that EFS encryption is enabled [or not disabled] in the domain. Try to manually use EFS on a test folder/file on one of the computers in question to see if that can be done or not. If not then most likely it is disabled in some domain GPO under computer configuration\windows settings\computer settings\public key policies\encrypted file system [gpresult/rsop.msc may help track that down]. You can encrypt a folder with EFS via it's properties - advanced. Steve "Robin Hearne" wrote in message ... I have enabled the Group Policy setting to encrypt the offline file cache and I am getting the following errors in the Application event log: Event Type: Error Event Source: Offline Files Event Category: None Event ID: 18 Date: 05/08/2009 Time: 15:09:31 User: N/A Computer: PC-007183 Description: Encryption of the Offline Files cache failed with error 5. File: filename removed Access is denied. This is occuring on all PCs where this policy is applied. I've not been able to find any other posts refering to this problem. Is anyone able to help? Regards, Robin |
#4
|
|||
|
|||
Access Denied after Encrypting Offline Cache
Acording to Microsoft the cause and solution to your issue is below. Your
solution will depend on if you have a an Enterprise Certificate Authority server or not in the domain. You will want to find the GPO that is pushing the RC out to the domain workstations and there you will be able to configure new RA certificate for the domain computers under computer configuration\windows settings\computer settings\public key policies\encrypted file system . You got access denied becaue Windows does not allow you to encrypt system files. When encrypting a file, a message appears: "Recovery policy configured for this system contains invalid recovery certificate" or "ERROR_BAD_RECOVERY_POLICY." Cause: The Encrypting File System (EFS) recovery policy that is implemented on this computer contains one or more EFS recovery agent certificates that have expired. These certificates cannot be used. Solution: Either renew the existing certificates or generate new certificates for the EFS recovery agents and reapply the recovery agent policy with those certificates. "Robin Hearne" wrote in message ... If I try to manually encypt a test folder in the root of C:\ I get the following error: 'Recovery policy configured for this system contains invailid recovery certificate' However, if I create a test folder in the Windows directory and try to encrypt that then I get an 'Access Denied' error Robin P.S. I'm hoping that it's not neccessary to create a recovery certificate as it's only the offline copies that are to be encypted. "Old Rookie" wrote: One thing to check is that EFS encryption is enabled [or not disabled] in the domain. Try to manually use EFS on a test folder/file on one of the computers in question to see if that can be done or not. If not then most likely it is disabled in some domain GPO under computer configuration\windows settings\computer settings\public key policies\encrypted file system [gpresult/rsop.msc may help track that down]. You can encrypt a folder with EFS via it's properties - advanced. Steve "Robin Hearne" wrote in message ... I have enabled the Group Policy setting to encrypt the offline file cache and I am getting the following errors in the Application event log: Event Type: Error Event Source: Offline Files Event Category: None Event ID: 18 Date: 05/08/2009 Time: 15:09:31 User: N/A Computer: PC-007183 Description: Encryption of the Offline Files cache failed with error 5. File: filename removed Access is denied. This is occuring on all PCs where this policy is applied. I've not been able to find any other posts refering to this problem. Is anyone able to help? Regards, Robin |
#5
|
|||
|
|||
Access Denied after Encrypting Offline Cache
Thanks Steve. I found that the Default Domain Policy had an expired recovery
certificate which must have been there since we migrated from the NT 4.0 domain! I'll get it removed and hopefully this will resolve the issue. Robin "Old Rookie" wrote: Acording to Microsoft the cause and solution to your issue is below. Your solution will depend on if you have a an Enterprise Certificate Authority server or not in the domain. You will want to find the GPO that is pushing the RC out to the domain workstations and there you will be able to configure new RA certificate for the domain computers under computer configuration\windows settings\computer settings\public key policies\encrypted file system . You got access denied becaue Windows does not allow you to encrypt system files. When encrypting a file, a message appears: "Recovery policy configured for this system contains invalid recovery certificate" or "ERROR_BAD_RECOVERY_POLICY." Cause: The Encrypting File System (EFS) recovery policy that is implemented on this computer contains one or more EFS recovery agent certificates that have expired. These certificates cannot be used. Solution: Either renew the existing certificates or generate new certificates for the EFS recovery agents and reapply the recovery agent policy with those certificates. "Robin Hearne" wrote in message ... If I try to manually encypt a test folder in the root of C:\ I get the following error: 'Recovery policy configured for this system contains invailid recovery certificate' However, if I create a test folder in the Windows directory and try to encrypt that then I get an 'Access Denied' error Robin P.S. I'm hoping that it's not neccessary to create a recovery certificate as it's only the offline copies that are to be encypted. "Old Rookie" wrote: One thing to check is that EFS encryption is enabled [or not disabled] in the domain. Try to manually use EFS on a test folder/file on one of the computers in question to see if that can be done or not. If not then most likely it is disabled in some domain GPO under computer configuration\windows settings\computer settings\public key policies\encrypted file system [gpresult/rsop.msc may help track that down]. You can encrypt a folder with EFS via it's properties - advanced. Steve "Robin Hearne" wrote in message ... I have enabled the Group Policy setting to encrypt the offline file cache and I am getting the following errors in the Application event log: Event Type: Error Event Source: Offline Files Event Category: None Event ID: 18 Date: 05/08/2009 Time: 15:09:31 User: N/A Computer: PC-007183 Description: Encryption of the Offline Files cache failed with error 5. File: filename removed Access is denied. This is occuring on all PCs where this policy is applied. I've not been able to find any other posts refering to this problem. Is anyone able to help? Regards, Robin |
#6
|
|||
|
|||
Access Denied after Encrypting Offline Cache
The offending certificate has now been removed and the encryption of the
offline cache is working successfully. Thanks for all your help. Robin "Robin Hearne" wrote: Thanks Steve. I found that the Default Domain Policy had an expired recovery certificate which must have been there since we migrated from the NT 4.0 domain! I'll get it removed and hopefully this will resolve the issue. Robin "Old Rookie" wrote: Acording to Microsoft the cause and solution to your issue is below. Your solution will depend on if you have a an Enterprise Certificate Authority server or not in the domain. You will want to find the GPO that is pushing the RC out to the domain workstations and there you will be able to configure new RA certificate for the domain computers under computer configuration\windows settings\computer settings\public key policies\encrypted file system . You got access denied becaue Windows does not allow you to encrypt system files. When encrypting a file, a message appears: "Recovery policy configured for this system contains invalid recovery certificate" or "ERROR_BAD_RECOVERY_POLICY." Cause: The Encrypting File System (EFS) recovery policy that is implemented on this computer contains one or more EFS recovery agent certificates that have expired. These certificates cannot be used. Solution: Either renew the existing certificates or generate new certificates for the EFS recovery agents and reapply the recovery agent policy with those certificates. "Robin Hearne" wrote in message ... If I try to manually encypt a test folder in the root of C:\ I get the following error: 'Recovery policy configured for this system contains invailid recovery certificate' However, if I create a test folder in the Windows directory and try to encrypt that then I get an 'Access Denied' error Robin P.S. I'm hoping that it's not neccessary to create a recovery certificate as it's only the offline copies that are to be encypted. "Old Rookie" wrote: One thing to check is that EFS encryption is enabled [or not disabled] in the domain. Try to manually use EFS on a test folder/file on one of the computers in question to see if that can be done or not. If not then most likely it is disabled in some domain GPO under computer configuration\windows settings\computer settings\public key policies\encrypted file system [gpresult/rsop.msc may help track that down]. You can encrypt a folder with EFS via it's properties - advanced. Steve "Robin Hearne" wrote in message ... I have enabled the Group Policy setting to encrypt the offline file cache and I am getting the following errors in the Application event log: Event Type: Error Event Source: Offline Files Event Category: None Event ID: 18 Date: 05/08/2009 Time: 15:09:31 User: N/A Computer: PC-007183 Description: Encryption of the Offline Files cache failed with error 5. File: filename removed Access is denied. This is occuring on all PCs where this policy is applied. I've not been able to find any other posts refering to this problem. Is anyone able to help? Regards, Robin |
#7
|
|||
|
|||
Access Denied after Encrypting Offline Cache
Great to hear that Robin! Thanks for reporting back what worked so that
others with the same problem can benefit. Steve "Robin Hearne" wrote in message ... The offending certificate has now been removed and the encryption of the offline cache is working successfully. Thanks for all your help. Robin "Robin Hearne" wrote: Thanks Steve. I found that the Default Domain Policy had an expired recovery certificate which must have been there since we migrated from the NT 4.0 domain! I'll get it removed and hopefully this will resolve the issue. Robin "Old Rookie" wrote: Acording to Microsoft the cause and solution to your issue is below. Your solution will depend on if you have a an Enterprise Certificate Authority server or not in the domain. You will want to find the GPO that is pushing the RC out to the domain workstations and there you will be able to configure new RA certificate for the domain computers under computer configuration\windows settings\computer settings\public key policies\encrypted file system . You got access denied becaue Windows does not allow you to encrypt system files. When encrypting a file, a message appears: "Recovery policy configured for this system contains invalid recovery certificate" or "ERROR_BAD_RECOVERY_POLICY." Cause: The Encrypting File System (EFS) recovery policy that is implemented on this computer contains one or more EFS recovery agent certificates that have expired. These certificates cannot be used. Solution: Either renew the existing certificates or generate new certificates for the EFS recovery agents and reapply the recovery agent policy with those certificates. "Robin Hearne" wrote in message ... If I try to manually encypt a test folder in the root of C:\ I get the following error: 'Recovery policy configured for this system contains invailid recovery certificate' However, if I create a test folder in the Windows directory and try to encrypt that then I get an 'Access Denied' error Robin P.S. I'm hoping that it's not neccessary to create a recovery certificate as it's only the offline copies that are to be encypted. "Old Rookie" wrote: One thing to check is that EFS encryption is enabled [or not disabled] in the domain. Try to manually use EFS on a test folder/file on one of the computers in question to see if that can be done or not. If not then most likely it is disabled in some domain GPO under computer configuration\windows settings\computer settings\public key policies\encrypted file system [gpresult/rsop.msc may help track that down]. You can encrypt a folder with EFS via it's properties - advanced. Steve "Robin Hearne" wrote in message ... I have enabled the Group Policy setting to encrypt the offline file cache and I am getting the following errors in the Application event log: Event Type: Error Event Source: Offline Files Event Category: None Event ID: 18 Date: 05/08/2009 Time: 15:09:31 User: N/A Computer: PC-007183 Description: Encryption of the Offline Files cache failed with error 5. File: filename removed Access is denied. This is occuring on all PCs where this policy is applied. I've not been able to find any other posts refering to this problem. Is anyone able to help? Regards, Robin |
Thread Tools | |
Display Modes | |
|
|