
invalid recovery certificate

microsoft.public.windows.server.security
Posted by Zoran Pantic on January 12, 2007, 5:17 pm
I am having problems decrypting the files on my XP machine (2003 domain
member).

I get "access denied", and when I try to encrypt another file, I get the
"Recovery policy configured for this system contains invalid recovery
certificate".

I tried to add another recovery agent in domain policy, but I cannot choose
any other domain account - it is rejected as recovery agent.

I opened the domain-Administrator's certificate, and I can see that it
expired a month ago (approx. when I started getting problems with opening my
files).

How do I either renew the Administrator's certificate (tried with renew and
get new, with the same key and new key - no luck), or add another user
account as recovery agent?

Thanx in advance!

Regards,

Zoran



Posted by ILKER SOGUT on January 12, 2007, 6:25 pm
Hi,

Your problem is because of Administrator's expired password. First log on to
a machine as administrator and encrypt a file to create an EFS certificate
for Administrator; then, under Certificates in the domain, you will see
Administrator's new EFS file encryption certificate. Then revoke the old one,
and finally order a new recovery agent.
After this, you will be able to decrypt the files.

I hope you had a valid recovery agent certificate before the files were
encrypted.

You must have created a certificate for recovery first, before
encrypting files.


Good luck


ILKER SOGUT





Posted by Zoran Pantic on January 15, 2007, 1:07 am
Hello Ilker,

thanx for your input!

The administrator account has a password that never expires, so when I
log on as administrator, I am not prompted to change the password.

Should I then change the password manually, or just enable periodic password
expiry for the administrator as well?

I tried to log on as this domain administrator and encrypt files, but I get
the same error.

What do I do then?

Thanx in advance!

Regards,

Zoran





Posted by ILKER SOGUT on January 16, 2007, 4:07 am
Hi,

I made a mistake :) I wanted to say, "Your problem is because of
Administrator's expired certificate."

I wrote Password instead of Certificate.
Sorry
ILKER SOGUT




Posted by Zoran Pantic on January 16, 2007, 2:09 pm
Hello again, Ilker,

I tried to log on as Administrator, and to encrypt a file.

But I couldn't do it - I got the error "Recovery policy configured for this
system contains invalid recovery certificate".

Now it seems that I am in a circle. :o)

How do I get out?

Regards, Zoran




