EFS error: event id: 6203 on Windows Server 2003

Guest

Has anyone ever seen this event ID from the source EFS?
I get it every time I click on an encrypted file.
After that the encrypted files cannot be accessed.
Error: Access denied.
Client OS is Windows XP SP1.
The whole event message is:
EFS does not support encryption over network sessions established using the
NTLM protocol.
Any comments?
 
Steven L Umbach

I believe it is a warning message just to inform you that if you decrypt a
file over the network, the data will not be encrypted on the wire. The
access denied probably means that you do not have an EFS certificate/private
key on the computer where the encrypted file exists. Also, to encrypt files
on a network server, the computer must be trusted for delegation in its
computer account properties in Active Directory Users and Computers. The
link below explains more. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;320044
 
Brian Komar

n9rou@n0-spam-for-me- said:
I believe it is a warning message just to inform you that if you decrypt a
file over the network, the data will not be encrypted on the wire. The
access denied probably means that you do not have an EFS certificate/private
key on the computer where the encrypted file exists. Also, to encrypt files
on a network server, the computer must be trusted for delegation in its
computer account properties in Active Directory Users and Computers. The
link below explains more. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;320044

Further to Steve's answer.

Is the computer a member of the same forest as the server where you are
attempting to encrypt/decrypt the file? My guess is no, which is why you
are using NTLM authentication rather than Kerberos. Only Kerberos
allows Kerberos impersonation, which is enabled when you configure that
the server computer is trusted for delegation. The server impersonates
the user, generates a profile, and either generates or uses the EFS key
pair in that profile for encryption.

If it is a member of the same forest, is there anything preventing
Kerberos authentication? Common issues include an incorrect SPN or the
inability to resolve the server's FQDN in DNS.

Brian
 
Guest

Hi Brian, hi Steve,

thanks for your comments.
Trusted for delegation was not enabled, but enabling it didn't solve my problem.
I found out that the error only occurs when accessing files that were
encrypted on our old file server, which has in the meantime been switched off. The
old server was a domain controller of our Windows 2000 domain. The files
were moved using Backup and Restore. We have a single-forest domain.

Brian:
No FQDN-to-IP resolution problems, but what's with these Service Principal
Names?
No further events are logged. How can I find out if these SPNs are incorrect?

Thanks

Michael
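An added check, not from the thread, that tests the three things Brian names for the file server's computer account: DNS resolution of its FQDN, the HOST SPNs, and the trusted-for-delegation flag. It assumes the ActiveDirectory RSAT module and Resolve-DnsName on a current Windows admin workstation; $ServerName is a placeholder, and setspn -S is setspn -A on 2003-era Support Tools.

```powershell
# Added example: verify the Kerberos prerequisites for EFS on a file server.
# $ServerName is a placeholder for the server's short (NetBIOS) name.
param(
    [Parameter(Mandatory = $true)][string]$ServerName
)

Import-Module ActiveDirectory

$computer = Get-ADComputer -Identity $ServerName `
    -Properties servicePrincipalName, TrustedForDelegation, DNSHostName
$fqdn = $computer.DNSHostName

# 1. FQDN resolution. Clients build the SPN from the name they connect with;
#    a name that does not resolve is one reason they fall back to NTLM.
try {
    $ip = (Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop).IPAddress
    Write-Host "DNS   : $fqdn -> $($ip -join ', ')"
} catch {
    Write-Warning "DNS   : $fqdn does not resolve"
}

# 2. HOST SPNs for both the short name and the FQDN must be registered on
#    this computer account (PowerShell's -contains compares case-insensitively).
foreach ($spn in @("HOST/$ServerName", "HOST/$fqdn")) {
    if ($computer.servicePrincipalName -contains $spn) {
        Write-Host "SPN   : $spn registered"
    } else {
        Write-Warning "SPN   : $spn missing; register with: setspn -S $spn $ServerName"
    }
}

# A duplicate of the same SPN on another object also breaks Kerberos.
$dupes = Get-ADObject -LDAPFilter "(servicePrincipalName=HOST/$fqdn)" |
    Where-Object { $_.DistinguishedName -ne $computer.DistinguishedName }
if ($dupes) {
    Write-Warning "SPN   : HOST/$fqdn also on $($dupes.DistinguishedName -join '; ')"
}

# 3. Delegation: the server must impersonate the user to load the EFS key pair.
if ($computer.TrustedForDelegation) {
    Write-Host "DELEG : $ServerName is trusted for delegation"
} else {
    Write-Warning "DELEG : $ServerName is not trusted for delegation"
}
```

Warnings here point at the account or DNS record to fix; the 6203 warning itself is logged whenever the session was NTLM, so the check is most useful run before re-testing access to the file.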
 
