EFS encrypted data on a cluster node are unreachable (817547)
The information in this article applies to:
- Microsoft Windows 2000 Advanced Server

SYMPTOMS
When you use Encrypting File System (EFS) on a cluster and you do not use roaming profiles, you may be denied access to files that were encrypted earlier.

CAUSE
When you use EFS to encrypt data on a shared disk, you receive a certificate from the node that handles the resource. This certificate and the associated keys are stored in your profile. After the resource has failed over to the other node, you cannot access the files, because the key needed to decrypt them is not in your local profile on that node.

RESOLUTION
There are two solutions to this problem:
- Use a roaming profile.
- Import the certificate and the keys into the local profile on the other node.

The best solution is to convert the local profile that contains the certificate into a roaming profile, so that it is available wherever you log on. This means that the certificate and the keys are always reachable and the data can be encrypted or decrypted on both nodes.

The second solution consists of exporting the certificate and the keys (using a .pfx file, PKCS #12 format) from the node where the data was encrypted and importing them into the local profile on the other node. This needs to be done each time the certificate expires.

Modification Type: Major
Last Reviewed: 4/29/2003
Keywords: kbEFS kbClustering KB817547 kbAudITPRO