Expired File Recovery Certificate


R

Rob M

Can anyone help with deleting an expired domain file recovery
certificate?

I have admin rights on a WinXP computer on a company domain. All of a
sudden file encryption wouldn't work. When I run RSOP.msc, I can see
that there's an expired file recovery certificate under the Computer
Configuration / Windows Settings / Security Settings / Public Key
Policies / Encypting File System node. I can't delete this or update
this certificate (no option to do that..the only options are Open,
Copy, Properties).

If it's relevant, when I run RSOP.msc, I get the message:

"The latest versions of the ADM files below are not available. This
can be due to insufficient permissions or unavailable network
resources. The local copy of these ADM files will be used."

The problem is an unavailable network resources - the location listed
below this message is no longer valid.

Any suggestions on how to solve this problem to re-enable file
encryption on this computer?

Thanks,
Rob
 
Ad

Advertisements

R

Rob

Can anyone help with deleting an expired domain file recovery
certificate?

I have admin rights on a WinXP computer on a company domain. All of a
sudden file encryption wouldn't work. When I run RSOP.msc, I can see
that there's an expired file recovery certificate under the Computer
Configuration / Windows Settings / Security Settings / Public Key
Policies / Encypting File System node. I can't delete this or update
this certificate (no option to do that..the only options are Open,
Copy, Properties).

If it's relevant, when I run RSOP.msc, I get the message:

"The latest versions of the ADM files below are not available. This
can be due to insufficient permissions or unavailable network
resources. The local copy of these ADM files will be used."

The problem is an unavailable network resources - the location listed
below this message is no longer valid.

Any suggestions on how to solve this problem to re-enable file
encryption on this computer?

Thanks,
Rob
Contact your domain admins - it is they who need to update their
servers.
 
R

Rob M

Thanks for the reply. That occurred to me, but other computers on the
domain aren't affected. When I log onto those, I can encrypt files
just fine. Somehow my office computer seems to be the only one
affected. Any other suggestions?

Thanks,
Rob
 
R

Rob

Thanks for the reply. That occurred to me, but other computers on the
domain aren't affected. When I log onto those, I can encrypt files
just fine. Somehow my office computer seems to be the only one
affected. Any other suggestions?

Thanks,
Rob

It sounds like the pointer on that particular machine (to a network
location containing updated certificated) may be corrupted.
Updates like this are normally applied by a domain policy, but something
has obviously gone awry.

This ms article may help:
http://technet.microsoft.com/en-us/library/cc875821.aspx

It seems to suggest that running the following at a command prompt should
update:

Cipher.exe /U

However, if the pointer (presumably somewhere in the registry) is
corrupt, it will generate a similar error to the one you are seeing.

I would fully read the article before proceeding and, still suggest
contacting your domain admin would be best - I wouldn't want to risk
losing access to all encrypted files..

HTH
 
Ad

Advertisements

R

Rob M

I think this is exactly what's happened. I'll continue to see what I
can do and see what the IT dept can do.

Thanks again for your help,
Rob
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top