EFS error: event id: 6203 on Windows Server 2003

Anonymous
October 28, 2004 8:03:04 PM

Archived from groups: microsoft.public.win2000.security

Has anyone ever seen this event ID from the source EFS?
I get it every time I click on an encrypted file.
After that the encrypted files cannot be accessed.
Error: Access denied.
Client OS is Windows XP SP1.
The whole event message is:
EFS does not support encryption over network sessions established using the
NTLM protocol.
Any comments?
Anonymous
October 29, 2004 7:42:24 AM

Archived from groups: microsoft.public.win2000.security

I believe it is a warning message just to inform you that if you decrypt a
file over the network that the data will not be encrypted on the wire. The
access denied probably means that you do not have an EFS certificate/private
key on the computer where the encrypted file exists. Also to encrypt files
on a network server, the computer must be trusted for delegation in its
computer account properties in Active Directory Users and Computers. The
link below explains more. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;320044

Anonymous
October 29, 2004 11:06:18 AM

Archived from groups: microsoft.public.win2000.security

In article <A_igd.324219$MQ5.31064@attbi_s52>, n9rou@n0-spam-for-me-
comcast.net says...
> I believe it is a warning message just to inform you that if you decrypt a
> file over the network that the data will not be encrypted on the wire. The
> access denied probably means that you do not have an EFS certificate/private
> key on the computer where the encrypted file exists. Also to encrypt files
> on a network server, the computer must be trusted for delegation in its
> computer account properties in Active Directory Users and Computers. The
> link below explains more. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;320044

Further to Steve's answer.

Is the computer a member of the same forest as the server where you are
attempting to encrypt/decrypt the file? My guess is no, which is why you
are using NTLM authentication rather than Kerberos. Only Kerberos
allows Kerberos impersonation, which is enabled when you configure that
the server computer is trusted for delegation. The server impersonates
the user, generates a profile, and either generates or uses the EFS key
pair in that profile for encryption.

If it is a member of the same forest, is there anything preventing
Kerberos authentication? Common issues include an incorrect SPN or the
inability to resolve the server's FQDN in DNS.

Brian


Anonymous
November 3, 2004 2:48:04 AM

Archived from groups: microsoft.public.win2000.security

Hi Brian, hi Steve,

thanks for your comments.
Trusted for delegation was not enabled, but that didn't solve my problem.
I found out that the error only occurs when accessing files that were
encrypted on our old file server, which has in the meantime been switched off. The
old server was a domain controller of our Windows 2000 Domains. The files
were moved using Backup and Restore. We have a single-forest-domain.

Brian:
No FQDN to IP-resolution problems, but what's with these Service Principal
Names?
No further events are logged. How can I find out if these SPNs are incorrect?

Thanks

Michael
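
The checks raised in this thread (trusted for delegation, SPN registration, FQDN resolution, and whether a Kerberos ticket is actually issued) gathered into one script, as an added example that is not part of the original posts. It assumes the ActiveDirectory PowerShell module and current Windows tooling rather than what shipped with Windows Server 2003, a single-domain forest, and `FILESERVER01` as a placeholder for the file server's name.

```powershell
# Added example (not from the thread). Assumptions: RSAT ActiveDirectory module,
# domain-joined client, single-domain forest. FILESERVER01 is a placeholder.
param([string]$Server = 'FILESERVER01')

Import-Module ActiveDirectory

$c = Get-ADComputer -Identity $Server `
        -Properties DNSHostName, ServicePrincipalName, TrustedForDelegation
$fqdn = $c.DNSHostName

# 1. Remote EFS needs the server to impersonate the user via Kerberos delegation.
"Trusted for delegation : $($c.TrustedForDelegation)"

# 2. File sharing uses the cifs/ service class, which AD maps onto HOST/.
#    Both the short-name and the FQDN form should be registered on this account.
$expected = "HOST/$($c.Name)", "HOST/$fqdn"
foreach ($spn in $expected) {
    $state = if ($c.ServicePrincipalName -contains $spn) { 'present' } else { 'MISSING' }
    "SPN {0,-45} : {1}" -f $spn, $state
}

# 3. An SPN registered on more than one account stops the KDC from issuing
#    a service ticket, and the client silently falls back to NTLM.
foreach ($spn in $expected) {
    $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
    if ($owners.Count -gt 1) {
        "DUPLICATE SPN $spn on:"
        $owners | ForEach-Object { "    $($_.DistinguishedName)" }
    }
}

# 4. The client must resolve the server's FQDN to build the right SPN.
try {
    $ip = (Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop).IPAddress
    "DNS $fqdn -> $($ip -join ', ')"
} catch {
    "DNS lookup for $fqdn FAILED: $($_.Exception.Message)"
}

# 5. Ask the KDC for a cifs ticket directly. If no ticket comes back,
#    the SMB session to this server will be NTLM and remote EFS will fail.
klist get "cifs/$fqdn"
```

For a quick manual check of a single account, `setspn -L FILESERVER01` lists the same SPNs from a command prompt.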
