Re: EFS Recovery Agent - Delete Certificate

From: Steven L Umbach (n9rou_at_attbi.com)
Date: 04/29/03 

Date: Tue, 29 Apr 2003 01:46:23 GMT

          You can create a new certificate while you are at the domain group
policy setting
(since you have CA), you might want to try that. Otherwise after you create
the new certificate in the mmc certificate for user, export the certificate
(not private keys) and then add/import that certificate (.cer file) to the
domain policy as recovery agent. -- Steve

"Michel Lapointe" <a@a.com> wrote in message
news:#gZc0qYDDHA.2892@TK2MSFTNGP11.phx.gbl...
> Hello,
>
> I currently trying to replace a EFSRA certificate for the
administrator
> by a new certificate from ou CA. (I'm aware that doing that will prevent
> recovering of all currently existing encrypted file).
>
> The problem i'm currently having is that if I go to Domain Policy,
look
> under EFS RA, I see the certificate for the Administrator. I delete it, go
> to the certificate snapin and create a new certificate for EFSRA for
> administrator. (Both have different Friendly name and Valid End Date). Go
> back to Domain Policy, ReAdd administrator (hoping that the new
certificate
> will popup), and the old *supposed to be deleted* certificate popup, it
> should not be a replication issue, since they are DC on the same site and
> wait more than 8 hour. (It was too late anyway yesterday night to continue
> working on that).
>
> Anyone have an idea why this old deleted certificate always come back
> and not the new one?
>
> Thank
>
> ML
>
>

Relevant Pages

  • Re: The message must contain a wsa:To header
    ... My client app is not generating a trace file. ... the client is not applying the WSE policy at all because of an ... at ApplicationMessagingWS.Dispatch(String messageType, String ... look for a certificate with this subject name in the certificate store ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: security header is not present in the incoming message
    ... Similar problem appears when I run my client directly under IIS instead of under ASP.NET Development Server. ... There are no certificates in the certificate store that match the find value of 'CN=WSE2QuickStartServer'. ... 'Hello World with certificate policy. ...
    (microsoft.public.dotnet.security)
  • The message must contain a wsa:To header
    ... When I setup the policy, ... at ApplicationMessagingWS.Dispatch(String messageType, String ... be used along with the Integrity assertion when the presence of the signed ... look for a certificate with this subject name in the certificate store ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • RE: Encryption and signing using Security context tokens using WS
    ... In a webfarm scenario wen i try to run the sample using policy the error is ... Tokens in a Web Farm.The built-in SecurityContextService keeps track of the ... //This is the point where to get the SCT service. ... system can look for a certificate with this subject name in the certificate ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: The message must contain a wsa:To header
    ... When I setup the policy, ... at ApplicationMessagingWS.Dispatch(String messageType, String ... be used along with the Integrity assertion when the presence of the signed ... look for a certificate with this subject name in the certificate store ...
    (microsoft.public.dotnet.framework.webservices.enhancements)