Re: File ENcryption Problem Detail
From: Drew Cooper [MS] (dcoop@online.microsoft.com)
Date: 08/30/02
- In reply to: Mandy: "Re: File ENcryption Problem Detail"
From: "Drew Cooper [MS]" <dcoop@online.microsoft.com>
Date: Fri, 30 Aug 2002 13:45:09 -0700
There seems to be something very wrong with your first DC. I have no idea
what that might be. I don't know the history of the machine.
Since you seem to have at least one other machine available (the second DC),
try to make it a DC in its own domain, join the client to it, try again, and
repost if it doesn't work.
This thread is getting really long, so if you try again and it doesn't work,
could you start a new thread? If you put "EFS" in the title it will grab
all of the EFS folks' attention right away.
Sorry I can't be more helpful.
--
Drew Cooper [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.

"Mandy" <mmmandy@hotmail.com> wrote in message
news:#8H4sA9TCHA.2384@tkmsftngp10...
> In addition, when u encrypt remotely (client to server), which users account
> is used?
> domain administrator account?
>
> This may be the cause of the problem, because DC may not allow normal user
> account to create a profile in the DC.
>
> "Drew Cooper [MS]" <dcoop@online.microsoft.com> wrote in message
> news:uOljqU5TCHA.1864@tkmsftngp12...
> > Yes. We have a clean install of Win2k SP3 on both a DC and a client joined
> > to its domain. We can encrypt remotely (client to server, of course).
> > If you have taskman running, showing the big CPU users, then repro, you
> > should see what's grinding away. This is not a very fine-grained approach,
> > I'm afraid. If we could repro in our lab, we could debug it. Not sure what
> > to do in this case unless we can see what's happening.
> >
> > Are there any clues in the event viewer after you've rebooted the hung
> > machine?
> > --
> > Drew Cooper [MS]
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > "Mandy" <mmmandy@hotmail.com> wrote in message
> > news:ewtYAM0TCHA.1668@tkmsftngp13...
> > > it is able to encrypt file locally on the DC, but not remotely encrypt file
> > > on server by client PC users
> > >
> > > Sorry that I am unable to know which process as the machine hangs and
> > > un-responds.
> > >
> > > when u repro the situation, can u encrypt file on server remotely from
> > > client PC?
> > >
> > > "Drew Cooper [MS]" <dcoop@online.microsoft.com> wrote in message
> > > news:ecqNpWwTCHA.1496@tkmsftngp11...
> > > > We could not reproduce your issue in our lab. I have no idea what's really
> > > > happening on your machine or how to get another machine into a similar
> > > > state.
> > > >
> > > > DCs are trusted for delegation. This means that they are enabled to be
> > > > servers for remote EFS. Not that it's good policy to use your DCs for file
> > > > servers, mind you. ;-)
> > > >
> > > > If you're logged on to the DC locally, can you encrypt any files?
> > > > While the machine hangs, what process is the CPU hog?
> > > >
> > > > --
> > > > Drew Cooper [MS]
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > >
> > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > news:#QkxxkWTCHA.3620@tkmsftngp08...
> > > > > For my testing, I guess something has conflict between the local recovery
> > > > > policy and domain recovery policy.
> > > > >
> > > > > In addition, I guess domain controller does not support encryption by other
> > > > > machine.
> > > > >
> > > > > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > > > > news:#u1xzJVTCHA.4136@tkmsftngp08...
> > > > > > Will forward this to our testers for a repro. I believe there are more
> > > > > > details you need to give. We do have Win2K server running EFS here. Can you
> > > > > > think of anything that might help us to repro?
> > > > > >
> > > > > > --
> > > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > > >
> > > > > > Robert Gu [MS Security Developer]
> > > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > > news:uIdntnwSCHA.1648@tkmsftngp08...
> > > > > > > Here is the detail:
> > > > > > >
> > > > > > > A user wants to encrypt a file in a drive, the drive is mapped from a shared
> > > > > > > folder on the server. When user tries to encrypt the file, the server is
> > > > > > > hang and the user's PC has shown "processing".
> > > > > > >
> > > > > > > There is nothing being modified in the recovery agent. Therefore,
> > > > > > >
> > > > > > > Server- there is one local recovery agent in the local security policy and
> > > > > > > one domain recovery agent defined in the domain security policy.
> > > > > > > PC - there is one local recovery agent is defined locally and one domain
> > > > > > > recovery agent is defined by the domain controller (this domain recovery
> > > > > > > agent has the same certificate ID in the domain recovery agent in the
> > > > > > > server).
> > > > > > >
> > > > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > > > news:#xfCHjwSCHA.3720@tkmsftngp08...
> > > > > > > > Robert,
> > > > > > > >
> > > > > > > > nothing is encrypted on the server or client PC (I have implemented this
> > > > > > > > scenario in the testing environment, which has the clean installation of
> > > > > > > > server and professional).
> > > > > > > >
> > > > > > > > I just wonder is it possible to do encrypted on server by client PC?
> > > > > > > >
> > > > > > > > Mandy
> > > > > > > >
> > > > > > > > "Robert Gu [MS]" <robertg@online.microsoft.com> wrote in message
> > > > > > > > news:eBiwo0sSCHA.2412@tkmsftngp13...
> > > > > > > > > Encryption should not cause hang. Local recovery agent should not affect the
> > > > > > > > > recovery policy. Is the %temp% on the server marked as encrypted? Can you
> > > > > > > > > provide more detailed repro steps?
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > > > > > >
> > > > > > > > > Robert Gu [MS Security Developer]
> > > > > > > > > "Mandy" <mmmandy@hotmail.com> wrote in message
> > > > > > > > > news:#EAbVooSCHA.1880@tkmsftngp13...
> > > > > > > > > > Hi everyone,
> > > > > > > > > >
> > > > > > > > > > Would u please give me a help. Here is the situation.
> > > > > > > > > >
> > > > > > > > > > Environment:
> > > > > > > > > > - Windows 2000 Server promoted to a Domain Controller (Server), and domain
> > > > > > > > > > computer (PC).
> > > > > > > > > > - A shared folder is created on Server such that user can map the shared
> > > > > > > > > > folder as a Drive
> > > > > > > > > >
> > > > > > > > > > Problem: Domain User using PC encrypts the shared file on Server such that
> > > > > > > > > > the server will be hang.
> > > > > > > > > >
> > > > > > > > > > Resolution has done:
> > > > > > > > > > - I have tried this scenario many many times in the testing environment, but
> > > > > > > > > > the same problem occurs.
> > > > > > > > > > - I have tried to use roaming profile.
> > > > > > > > > > - Domain User accounts are not marked as "sensitive and cannot be delegated"
> > > > > > > > > > this is following the instruction from MS White Paper.
> > > > > > > > > >
> > > > > > > > > > Question: I just wonder how to encrypt a file on a server/domain controller.
> > > > > > > > > > Or is it possible?
> > > > > > > > > >
> > > > > > > > > > After a few tries on the testing environment, it works fine when I deleted
> > > > > > > > > > the local recovery agent on the server. Will that be the cause of the
> > > > > > > > > > problem?
> > > > > > > > > >
> > > > > > > > > > Man