EFS Remote Encryption

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Apoulet on Server Fault See other posts from Server Fault or by Apoulet
Published on 2012-10-11T21:28:57Z Indexed on 2012/10/11 21:38 UTC
Read the original article Hit count: 280

Filed under:
|
|
|
|

We have been trying to setup EFS across our domain. Unfortunately Reading/Writing file over network share does not work, we get an "Access Denied" error.

Another worrying fact is that I managed to get it working for 1 machine but no other would work.

The machines are all Windows 2008R2, running as VM under ESXi host.

According to: http://technet.microsoft.com/en-us/library/bb457116.aspx#EHAA

  • We setup the involved machine to be trusted for delegation
  • The user are not restricted and can be trusted for delegation.
  • The users have logged-in on both side and can read/write encrypted files without issues locally.

I enabled Kerberos logging in the registry and this is the relevant logs that I get on the machine that has the encrypted files. In order for all certificate that the user possess (Only Key Name changes):

Event ID 5058: Audit Success, "Other System Events" 

Key file operation.
Subject:
    Security ID:        {MyDOMAIN}\{MyID}
    Account Name:       {MyID}
    Account Domain:     {MyDOMAIN}
    Logon ID:       0xbXXXXXXX

Cryptographic Parameters:
    Provider Name:  Microsoft Software Key Storage Provider
    Algorithm Name: Not Available.
    Key Name:   {CE885431-9B4F-47C2-8415-2D766B999999}
    Key Type:   User key.

Key File Operation Information:
    File Path:  C:\Users\{MyID}\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4585646465656-260371901-2912106767-1207\66099999999991e891f187e791277da03d_dfe9ecd8-31c4-4b0f-9b57-6fd3cab90760

        Operation:  Read persisted key from file.
    Return Code:    0x0[/code]

Event ID 5061: Audit Faillure, "System Intergrity"

[code]Cryptographic operation.
Subject:
Security ID:        {MyDOMAIN}\{MyID}
    Account Name:       {MyID}
    Account Domain:     {MyDOMAIN}
    Logon ID:       0xbXXXXXXX

Cryptographic Parameters:
    Provider Name:  Microsoft Software Key Storage Provider
    Algorithm Name: RSA
    Key Name:   {CE885431-9B4F-47C2-8415-2D766B999999}
    Key Type:   User key.

Cryptographic Operation:
    Operation:  Open Key.
    Return Code:    0x8009000b

Could this be related to this error from the CryptAcquireContext function

NTE_BAD_KEY_STATE 0x8009000BL 
The user password has changed since the private keys were encrypted.

The problem is that the users I using at the moment can not change their password.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about windows-server-2008

Related posts about active-directory

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle