EFS error: event id: 6203 on Windows Server 2003

Archived from groups: microsoft.public.win2000.security

Has anyone ever seen this event ID from the source EFS?
I get it every time I click on an encrypted file.
After that the encrypted files cannot be accessed.
Error: Access denied.
Client OS is Windows XP SP1.
The whole event message is:
EFS does not support encryption over network sessions established using the
NTLM protocol.
Any comments?
  1.

    I believe it is a warning message just to inform you that if you decrypt a
    file over the network that the data will not be encrypted on the wire. The
    access denied probably means that you do not have an EFS certificate/private
    key on the computer where the encrypted file exists. Also to encrypt files
    on a network server, the computer must be trusted for delegation in its
    computer account properties in Active Directory Users and Computers. The
    link below explains more. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;en-us;320044

  2.

    In article <A_igd.324219$MQ5.31064@attbi_s52>, n9rou@n0-spam-for-me-
    comcast.net says...
    > I believe it is a warning message just to inform you that if you decrypt a
    > file over the network that the data will not be encrypted on the wire. The
    > access denied probably means that you do not have an EFS certificate/private
    > key on the computer where the encrypted file exists. Also to encrypt files
    > on a network server, the computer must be trusted for delegation in its
    > computer account properties in Active Directory Users and Computers. The
    > link below explains more. --- Steve
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;320044

    Further to Steve's answer.

    Is the computer a member of the same forest as the server where you are
    attempting to encrypt/decrypt the file? My guess is no, which is why you
    are using NTLM authentication rather than Kerberos. Only Kerberos
    allows Kerberos impersonation, which is enabled when you configure that
    the server computer is trusted for delegation. The server impersonates
    the user, generates a profile, and either generates or uses the EFS key
    pair in that profile for encryption.

    If it is a member of the same forest, is there anything preventing
    Kerberos authentication? Common issues include an incorrect SPN or the
    inability to resolve the server's FQDN in DNS.

    Brian

  3.

    Hi Brian, hi Steve,

    thanks for your comments.
    Trusted for delegation was not enabled, but that didn't solve my problem.
    I found out that the error only occurs by accessing files that were
    encrypted on our old file server which is in the meantime switched off. The
    old server was a domain controller of our Windows 2000 Domains. The files
    were moved using Backup and Restore. We have a single-forest-domain.

    Brian:
    No FQDN to IP-resolution problems, but what's with these Service Principal
    Names?
    No further events are logged. How can I find out if these SPNs are incorrect?

    Thanks

    Michael

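Added example, not part of the original thread: one way to run the checks the replies name (DNS resolution of the server's FQDN, the server's SPNs, the "trusted for delegation" flag, and whether a Kerberos ticket can be obtained at all). It assumes a current admin workstation with the RSAT ActiveDirectory module and the built-in `klist`; `FS01.corp.example` is a placeholder server name, and none of this tooling ships with the XP SP1 / Server 2003 systems in the thread.

```powershell
# Added example. Assumptions: domain-joined workstation, RSAT ActiveDirectory
# module installed, FS01.corp.example is a placeholder for the file server.
param([string]$ServerFqdn = 'FS01.corp.example')

Import-Module ActiveDirectory
$short = $ServerFqdn.Split('.')[0]

# 1. DNS: the client needs the server's FQDN to build the SPN it asks the KDC for.
try {
    [System.Net.Dns]::GetHostAddresses($ServerFqdn) |
        ForEach-Object { "DNS    $ServerFqdn resolves to $_" }
} catch {
    "DNS    $ServerFqdn does not resolve ($($_.Exception.Message))"
}

# 2. SPNs and delegation flag on the server's computer account.
#    SMB asks for cifs/<name>, which Active Directory maps onto the HOST/ SPNs.
#    (Classic equivalent for the SPN listing: setspn -L <computername>)
$computer = Get-ADComputer -Identity $short `
    -Properties ServicePrincipalName, TrustedForDelegation
$wanted = "HOST/$ServerFqdn", "HOST/$short"
foreach ($spn in $wanted) {
    $present = $computer.ServicePrincipalName -contains $spn  # case-insensitive
    "SPN    $spn on $($computer.Name) present = $present"
}
"DELEG  TrustedForDelegation = $($computer.TrustedForDelegation)"

# 3. Duplicate SPNs: if the same SPN sits on a second account, the KDC cannot
#    pick one, the ticket request fails, and the session falls back to NTLM.
foreach ($spn in $wanted) {
    $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
    if ($owners.Count -gt 1) {
        "DUP    $spn is registered on $($owners.Name -join ', ')"
    }
}

# 4. Ask the KDC for the file-service ticket as the logged-on user. A failure
#    here means SMB to this name cannot use Kerberos from this client.
klist get "cifs/$ServerFqdn"
if ($LASTEXITCODE -ne 0) {
    "KRB    no ticket for cifs/$ServerFqdn; expect NTLM and EFS event 6203"
}
```

Run it with the same name the client uses in the UNC path: connecting by IP address or by an alias without its own SPN also ends in NTLM even when the account's SPNs are correct.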