Troubleshooting

What problem are you having?

The Advanced button is unavailable.

Cause: Encrypting File System (EFS) only works on files and folders on NTFS file system volumes. If the folder or file you are trying to encrypt is on a FAT or FAT32 volume, the Advanced button does not appear in the properties of that folder or file.

Solution:

Convert the volume to NTFS with the convert utility.

1.

Open Command Prompt

2.

Type:
convert drive /fs:ntfs 
where drive is the drive letter of the intended drive.

See also: convert

The "Recovery policy configured for this system contains invalid recovery certificate" or "ERROR_BAD_RECOVERY_POLICY" message appears when encrypting a file.

Cause: The Encrypting File System (EFS) recovery policy implemented on this computer contains one or more EFS recovery agent certificates that have expired. These certificates cannot be used.

Solution:

Either renew the existing certificates or generate new certificates for the EFS recovery agents and reapply the recovery agent policy with those certificates.

See also: Requesting certificates or Renewing certificates

The "Access denied" message appears when opening an encrypted file.

Cause: The file was encrypted by Encrypting File System (EFS) using a public key certificate and the associated private key for this certificate is not available on this computer.

Solution:

Locate the private key for the appropriate certificate and import it onto this computer using the Certificates snap-in.

See also: To import a certificate and "Encrypting File System" at the Microsoft Resource Kits Web site.

The "Key not valid for use in specified state" message appears when encrypting a file on a remote computer.

Cause: Both computers must reside in the same Active Directory domain to use Encrypting File System (EFS) on remote shares. The remote computer must also be trusted for delegation in the Active Directory.

Solution:

Join both computers to the same Active Directory domain and trust the remote computer for delegation.

See also: To join a domain and To designate a remote server for file encryption



© 2017 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies