Re: EFS error: event id: 6203 on Windows Server 2003
From: mika2004 (mika2004_at_discussions.microsoft.com)
Date: 11/03/04
Date: Tue, 2 Nov 2004 23:48:04 -0800
Hi Brian, hi Steve,
thanks for your comments.
Trusted for delegation was not enabled, but that didn't solve my problem.
I found out that the error only occurs when accessing files that were
encrypted on our old file server, which is in the meantime switched off. The
old server was a domain controller of our Windows 2000 Domains. The files
were moved using Backup and Restore. We have a single-forest-domain.
Brian:
No FQDN to IP-resolution problems, but what's with these Service Principal
Names?
No further events are logged. How can I find out if these SPNs are incorrect?
Thanks
Michael
"Brian Komar" wrote:
> In article <A_igd.324219$MQ5.31064@attbi_s52>, n9rou@n0-spam-for-me-
> comcast.net says...
> > I believe it is a warning message just to inform you that if you decrypt a
> > file over the network that the data will not be encrypted on the wire. The
> > access denied probably means that you do not have an EFS certificate/private
> > key on the computer where the encrypted file exists. Also to encrypt files
> > on a network server, the computer must be trusted for delegation in its
> > computer account properties in Active Directory Users and Computers. The
> > link below explains more. --- Steve
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;320044
>
> Further to Steve's answer.
>
> Is the computer a member of the same forest as the server where you are
> attempting to encrypt/decrypt the file? My guess is no, which is why you
> are using NTLM authentication rather than Kerberos. Only Kerberos
> allows Kerberos impersonation, which is enabled when you configure that
> the server computer is trusted for delegation. The server impersonates
> the user, generates a profile, and either generates or uses the EFS key
> pair in that profile for encryption.
>
> If it is a member of the same forest, is there anything preventing
> Kerberos authentication? Common issues include the incorrect SPN or the
> inability to resolve the server's FQDN in DNS.
>
> Brian
>
>
> >
> > "mika2004" <mika2004@discussions.microsoft.com> wrote in message
> > news:D7B41740-37E9-4349-86F2-B19FB825849B@microsoft.com...
> > > Has anyone ever seen this eventid from the source EFS?
> > > I get it every time I click on an encrypted file.
> > > After that the encrypted files cannot be accessed.
> > > Error: Access denied.
> > > Client OS is Windows XP SP1.
> > > The whole event message is:
> > > EFS does not support encryption over network sessions established using the NTLM protocol.
> > > Any comments?
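One way to approach the SPN question raised in this thread, as an added example that is not part of the original messages: collect `setspn -L <account>` output for the file server and for any old or renamed server accounts, then check it for the two SPN faults that stop Kerberos and leave the session on NTLM. The account names, domain and listing below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by `setspn -L <account>`.
# FS02 is a hypothetical new file server, OLDFS a hypothetical retired one.
SAMPLE = """\
Registered ServicePrincipalNames for CN=FS02,OU=Servers,DC=corp,DC=example:
        HOST/FS02
Registered ServicePrincipalNames for CN=OLDFS,OU=Domain Controllers,DC=corp,DC=example:
        HOST/OLDFS
        HOST/oldfs.corp.example
        HOST/fs02
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (.+):\s*$")

def parse_listing(text):
    """Return {account DN: [SPN, ...]} from concatenated `setspn -L` output."""
    accounts, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = accounts.setdefault(m.group(1), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return accounts

def audit(accounts, server_dn, fqdn):
    """List SPN problems that prevent Kerberos tickets for the file server."""
    findings = []
    short = fqdn.split(".")[0]
    have = {s.lower() for s in accounts.get(server_dn, [])}
    # SMB clients request cifs/<name>; AD maps cifs to HOST by default, so
    # HOST/<short> and HOST/<fqdn> on the computer account are what matter.
    for wanted in (f"HOST/{short}", f"HOST/{fqdn}"):
        if wanted.lower() not in have:
            findings.append(f"missing on {server_dn}: {wanted}")
    # An SPN must be unique in the forest. With a duplicate the KDC cannot
    # issue a service ticket and clients typically fall back to NTLM.
    owners = defaultdict(set)
    for dn, spns in accounts.items():
        for spn in spns:
            owners[spn.lower()].add(dn)
    for spn, dns in sorted(owners.items()):
        if len(dns) > 1:
            findings.append(f"duplicate {spn}: {sorted(dns)}")
    return findings
```

An empty list from `audit` means the listed accounts show neither fault; DNS resolution of the server's FQDN still has to be checked separately.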