Expired File Recovery Certificate

[Rob M]

Can anyone help with deleting an expired domain file recovery
certificate?

I have admin rights on a WinXP computer on a company domain. All of a
sudden file encryption wouldn't work. When I run RSOP.msc, I can see
that there's an expired file recovery certificate under the Computer
Configuration / Windows Settings / Security Settings / Public Key
Policies / Encypting File System node. I can't delete this or update
this certificate (no option to do that..the only options are Open,
Copy, Properties).

If it's relevant, when I run RSOP.msc, I get the message:

"The latest versions of the ADM files below are not available. This
can be due to insufficient permissions or unavailable network
resources. The local copy of these ADM files will be used."

The problem is an unavailable network resources - the location listed
below this message is no longer valid.

Any suggestions on how to solve this problem to re-enable file
encryption on this computer?

Thanks,
Rob

 

[Rob]

Can anyone help with deleting an expired domain file recovery
certificate?

I have admin rights on a WinXP computer on a company domain. All of a
sudden file encryption wouldn't work. When I run RSOP.msc, I can see
that there's an expired file recovery certificate under the Computer
Configuration / Windows Settings / Security Settings / Public Key
Policies / Encypting File System node. I can't delete this or update
this certificate (no option to do that..the only options are Open,
Copy, Properties).

If it's relevant, when I run RSOP.msc, I get the message:

"The latest versions of the ADM files below are not available. This
can be due to insufficient permissions or unavailable network
resources. The local copy of these ADM files will be used."

The problem is an unavailable network resources - the location listed
below this message is no longer valid.

Any suggestions on how to solve this problem to re-enable file
encryption on this computer?

Thanks,
Rob

Contact your domain admins - it is they who need to update their
servers.

 

[Rob M]

Thanks for the reply. That occurred to me, but other computers on the
domain aren't affected. When I log onto those, I can encrypt files
just fine. Somehow my office computer seems to be the only one
affected. Any other suggestions?

Thanks,
Rob

 

[Rob]

Thanks for the reply. That occurred to me, but other computers on the
domain aren't affected. When I log onto those, I can encrypt files
just fine. Somehow my office computer seems to be the only one
affected. Any other suggestions?

Thanks,
Rob

It sounds like the pointer on that particular machine (to a network
location containing updated certificated) may be corrupted.
Updates like this are normally applied by a domain policy, but something
has obviously gone awry.

This ms article may help:
http://technet.microsoft.com/en-us/library/cc875821.aspx

It seems to suggest that running the following at a command prompt should
update:

Cipher.exe /U

However, if the pointer (presumably somewhere in the registry) is
corrupt, it will generate a similar error to the one you are seeing.

I would fully read the article before proceeding and, still suggest
contacting your domain admin would be best - I wouldn't want to risk
losing access to all encrypted files..

HTH

 

[Rob M]

I think this is exactly what's happened. I'll continue to see what I
can do and see what the IT dept can do.

Thanks again for your help,
Rob