EFS does not support encryption over network sessions established using the NTLM

[mtcronin via WindowsKB.com]

Hello,

Has anyone seen a problem like this, and if so how did you resolve it?

Client computer: Windows 2000 SP-4 ; Access rights of Client username to
share: Full Control
Server: Windows 2003 No Service Pack, Member Server
Domain: Windows NT 4.0 domain
Problem: When you try and copy a file to the server you receive the following
error message on the client workstation "Cannot Copy FileName: Access is
Denied. The source file may be in use."

When you look in the system event log of the Windows 2003 server you see the
following message. Event ID: 6032 "EFS does not support encryption over
network sessions established using the NTLM protocol."

We have all ready removed the REG key for "EfsConfiguration" and rebooted the
server but we are still unable to copy files that are encrypted from client
workstations to the server that have been encrypted.

The client workstation recieves this error with all file types, and includes
newly created files.

ANY HELP WOULD GREATLY BE APPRECIATED.....

Michael

 

[David Candy]

Windows NT Challenge/Response (NTLM) is the authentication protocol used on networks that include systems running versions of the Microsoft® Windows NT® operating system earlier than Windows 2000 and on stand-alone systems. NTLM stands for Windows NT LAN Manager, a name chosen to distinguish this more advanced challenge/response-based protocol from its weaker predecessor LAN Manager (LM).

Beginning with Windows 2000, the Microsoft Kerberos security package adds greater security to networked systems than NTLM. Although Microsoft Kerberos is the protocol of choice for Windows 2000 networks, NTLM is still supported and must be used for network authentication if the network includes systems running versions of Windows NT earlier than Windows 2000. NTLM must also be used for logon authentication on stand-alone systems.

 

[Michael via WindowsKB.com]

Thank you, this is all good information but does not answer the question.
Have you seen this problem before, and were you able to resolve it? If so,
HOW?

Michael

Windows NT Challenge/Response (NTLM) is the authentication protocol used on networks that include systems running versions of the Microsoft® Windows NT® operating system earlier than Windows 2000 and on stand-alone systems. NTLM stands for Windows NT LAN Manager, a name chosen to distinguish this more advanced challenge/response-based protocol from its weaker predecessor LAN Manager (LM).

Beginning with Windows 2000, the Microsoft Kerberos security package adds greater security to networked systems than NTLM. Although Microsoft Kerberos is the protocol of choice for Windows 2000 networks, NTLM is still supported and must be used for network authentication if the network includes systems running versions of Windows NT earlier than Windows 2000. NTLM must also be used for logon authentication on stand-alone systems.

Hello,

[quoted text clipped - 22 lines]

Michael