Re: Problems setting up the Recovery Agent



OK, let's focus on this step
<quote>
I relog on as the RA, and import the cert of the RA into
this machine and then try to open up the dummy file.
</quote>
I assume the workstation is XP, and that by "import the cert"
you meant the private key from the pfx was also imported.
In XP, when you do this you are offered the option of a prompt
on use, but for decryption to work when importing the key
you must select to just have the key used without prompting.
Did you do it that way?

"techo crat" <spos4life@xxxxxxxxxxx> wrote in message
news:1167251788.260324.205270@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
To be more clear on my problem I'll list some other steps/info I didn't
mention.
I installed the Enterprise CA of Microsoft.
I had also given the new Recovery Agent "Modify" rights on the
encrypted file.
After installing the Enterprise CA, I added the Recovery Agent to the
Recovery Policy.
A side note, I also created a recovery policy for the Domain Admin. So
presently the Recovery Agent and the Domain Admin have a Certificate
issued by the CA. But I also kept the self-signed Certificate for the
Domain Admin (which was created the first time I logged into the DC).

In the properties of the encrypted file, in the "Data Recovery Agents
For This File As Defined By Recovery Policy:",
I could see the 3 Recovery Agents, mentioned above, for this file.
Even the certificate thumbprint of each RA in the properties of the
encrypted file and in the Group Policy Editor were identical.
So I don't know what is missing.

Thanks for any help.


