Re: File ENcryption Problem Detail
From: Mandy (mmmandy@hotmail.com)
Date: 08/30/02
From: "Mandy" <mmmandy@hotmail.com> Date: Fri, 30 Aug 2002 09:04:15 +0800
What other things have you done on the server and client machines in
order for encryption to work?
"Drew Cooper [MS]" <dcoop@online.microsoft.com> wrote in message
news:uOljqU5TCHA.1864@tkmsftngp12...
> Yes. We have a clean install of Win2k SP3 on both a DC and a client joined
> to its domain. We can encrypt remotely (client to server, of course).
> If you have taskman running, showing the big CPU users, then repro, you
> should see what's grinding away. This is not a very fine-grained approach,
> I'm afraid. If we could repro in our lab, we could debug it. Not sure what
> to do in this case unless we can see what's happening.
>
> Are there any clues in the event viewer after you've rebooted the hung
> machine?
> --
> Drew Cooper [MS]
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Mandy" <mmmandy@hotmail.com> wrote in message
> news:ewtYAM0TCHA.1668@tkmsftngp13...
> > it is able to encrypt file locally on the DC, but not remotely encrypt file
> > on server by client PC users
> >
> > Sorry that I am unable to know which process as the machine hangs and
> > un-responds.
> >
> > when u repro the situation, can u encrypt file on server remotely from
> > client PC?
> >
> > "Drew Cooper [MS]" <dcoop@online.microsoft.com> wrote in message
> > news:ecqNpWwTCHA.1496@tkmsftngp11...
> > > We could not reproduce your issue in our lab. I have no idea what's really
> > > happening on your machine or how to get another machine into a similar
> > > state.
> > >
> > > DCs are trusted for delegation. This means that they are enabled to be
> > > servers for remote EFS. Not that it's good policy to use your DCs for file
> > > servers, mind you. ;-)
> > >
> > > If you're logged on to the DC locally, can you encrypt any files?
> > > While the machine hangs, what process is the CPU hog?
> > >
> > > --
> > > Drew Cooper [MS]
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > >
> > >
> > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > news:#QkxxkWTCHA.3620@tkmsftngp08...
> > > > For my testing, I guess something has conflict between the local recovery
> > > > policy and domain recovery policy.
> > > >
> > > > In addition, I guess domain controller does not support encryption by other
> > > > machine.
> > > >
> > > > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > > > news:#u1xzJVTCHA.4136@tkmsftngp08...
> > > > > Will forward this to our testers for a repro. I believe there are more
> > > > > details you need to give. We do have Win2K server running EFS here. Can you
> > > > > think of anything that might help us to repro?
> > > > >
> > > > > --
> > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > >
> > > > > Robert Gu [MS Security Developer]
> > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > news:uIdntnwSCHA.1648@tkmsftngp08...
> > > > > > Here is the detail:
> > > > > >
> > > > > > A user wants to encrypt a file in a drive, the drive is mapped from a shared
> > > > > > folder on the server. When user tries to encrypt the file, the server is
> > > > > > hang and the user's PC has shown "processing".
> > > > > >
> > > > > > There is nothing being modified in the recovery agent. Therefore,
> > > > > >
> > > > > > Server- there is one local recovery agent in the local security policy and
> > > > > > one domain recovery agent defined in the domain security policy.
> > > > > > PC - there is one local recovery agent is defined locally and one domain
> > > > > > recovery agent is defined by the domain controller (this domain recovery
> > > > > > agent has the same certificate ID in the domain recovery agent in the
> > > > > > server).
> > > > > >
> > > > > >
> > > > > >
> > > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > > news:#xfCHjwSCHA.3720@tkmsftngp08...
> > > > > > > Robert,
> > > > > > >
> > > > > > > nothing is encrypted on the server or client PC (I have implemented this
> > > > > > > scenario in the testing environment, which has the clean installation of
> > > > > > > server and professional).
> > > > > > >
> > > > > > > I just wonder is it possible to do encrypted on server by client PC?
> > > > > > >
> > > > > > > Mandy
> > > > > > >
> > > > > > > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > > > > > > news:eBiwo0sSCHA.2412@tkmsftngp13...
> > > > > > > > Encryption should not cause hang. Local recovery agent should not affect the
> > > > > > > > recovery policy. Is the %temp% on the server marked as encrypted? Can you
> > > > > > > > provide more detailed repro steps?
> > > > > > > >
> > > > > > > > --
> > > > > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > > > > >
> > > > > > > > Robert Gu [MS Security Developer]
> > > > > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > > > > news:#EAbVooSCHA.1880@tkmsftngp13...
> > > > > > > > > Hi everyone,
> > > > > > > > >
> > > > > > > > > Would u please give me a help. Here is the situation.
> > > > > > > > >
> > > > > > > > > Environment:
> > > > > > > > > - Windows 2000 Server promoted to a Domain Controller (Server), and domain
> > > > > > > > > computer (PC).
> > > > > > > > > - A shared folder is created on Server such that user can map the shared
> > > > > > > > > folder as a Drive
> > > > > > > > >
> > > > > > > > > Problem: Domain User using PC encrypts the shared file on Server such that
> > > > > > > > > the server will be hang.
> > > > > > > > >
> > > > > > > > > Resolution has done:
> > > > > > > > > - I have tried this scenario many many times in the testing environment, but
> > > > > > > > > the same problem occurs.
> > > > > > > > > - I have tried to use roaming profile.
> > > > > > > > > - Domain User accounts are not marked as "sensitive and cannot be delegated"
> > > > > > > > > this is following the instruction from MS White Paper.
> > > > > > > > >
> > > > > > > > > Question: I just wonder how to encrypt a file on a server/domain controller.
> > > > > > > > > Or is it possible?
> > > > > > > > >
> > > > > > > > > After a few tries on the testing environment, it works fine when I deleted
> > > > > > > > > the local recovery agent on the server. Will that be the cause of
> > > > > > > > > the problem?
> > > > > > > > >
> > > > > > > > > Man
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
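
Added example (not part of any poster's message): the two delegation conditions raised in this thread, a server that is trusted for delegation and a user account not marked "sensitive and cannot be delegated", can be read from each account's userAccountControl value. The function names and sample values below are constructed for illustration; the bit values are the documented ADS_UF_* flags.

```python
# Added example: decode userAccountControl (UAC) values to check the
# delegation preconditions for remote EFS discussed in the thread.
# Function names and sample values are constructed for illustration.

# Documented ADS_UF_* bit values of the userAccountControl attribute.
ACCOUNTDISABLE = 0x2
NORMAL_ACCOUNT = 0x200               # ordinary user account
WORKSTATION_TRUST_ACCOUNT = 0x1000   # member server or workstation
SERVER_TRUST_ACCOUNT = 0x2000        # domain controller
TRUSTED_FOR_DELEGATION = 0x80000     # "Trust this computer for delegation"
NOT_DELEGATED = 0x100000             # "Account is sensitive and cannot be delegated"


def is_domain_controller(uac):
    """True when the computer account's UAC marks it as a DC."""
    return bool(uac & SERVER_TRUST_ACCOUNT)


def remote_efs_findings(server_uac, user_uac):
    """Return the delegation problems that would block remote encryption."""
    findings = []
    if not server_uac & (SERVER_TRUST_ACCOUNT | WORKSTATION_TRUST_ACCOUNT):
        findings.append("server: value is not a computer account")
    if not server_uac & TRUSTED_FOR_DELEGATION:
        findings.append("server: not trusted for delegation")
    if not user_uac & NORMAL_ACCOUNT:
        findings.append("user: value is not a normal user account")
    if user_uac & ACCOUNTDISABLE:
        findings.append("user: account is disabled")
    if user_uac & NOT_DELEGATED:
        findings.append("user: marked sensitive and cannot be delegated")
    return findings


# Constructed sample values (not taken from the thread).
DC_DEFAULT = SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION   # 0x82000
MEMBER_SERVER = WORKSTATION_TRUST_ACCOUNT                    # 0x1000
DOMAIN_USER = NORMAL_ACCOUNT                                 # 0x200
SENSITIVE_USER = NORMAL_ACCOUNT | NOT_DELEGATED              # 0x100200

if __name__ == "__main__":
    cases = [("DC + user", DC_DEFAULT, DOMAIN_USER),
             ("member server + user", MEMBER_SERVER, DOMAIN_USER),
             ("DC + sensitive user", DC_DEFAULT, SENSITIVE_USER)]
    for label, server, user in cases:
        problems = remote_efs_findings(server, user)
        print(label, "->", problems or "delegation preconditions met")
```
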