Microsoft KB Archive/817547

= EFS encrypted data on a cluster node are unreachable =

Article ID: 817547

Article Last Modified on 4/29/2003


APPLIES TO


 * Microsoft Windows 2000 Advanced Server




SYMPTOMS
When you use the Encrypting File System (EFS) on a cluster without roaming profiles, you may be refused access to files that were encrypted earlier.



CAUSE
When you use EFS to encrypt data on a shared disk, you receive a certificate from the node that handles the resource. This certificate and the associated keys are stored in your profile. After the resource has failed over to the other node, you cannot access the files, because the key needed to decrypt them is not in your local profile on that node.



RESOLUTION
There are two solutions to this problem:


 * Use a roaming profile.
 * Import the certificate and the keys into the local profile on the other node.

The best solution is to convert the local profile that contains the certificate into a roaming profile, so that it is available wherever you log on. The certificate and the keys are then always reachable, and the data can be encrypted or decrypted on both nodes.

The second solution is to export the certificate and the keys (as a .pfx file, in PKCS#12 format) from the node where the data was encrypted and to import them into the local profile on the other node. This must be done each time the certificate expires.
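
The export and import steps of the second solution, scripted as an added example that is not part of the original article. It assumes a later Windows version with PowerShell and the PKI module (`Export-PfxCertificate`, `Import-PfxCertificate`), which Windows 2000 does not provide; the function names and the transfer directory are hypothetical.

```powershell
# Added example: move the user's EFS certificate and private key between nodes.
# Assumption: PowerShell 3.0+ with the PKI module; run as the user who owns the files.
$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage: Encrypting File System

function Get-EfsCertificate {
    # EFS certificates in the current profile that still have their private key.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
    }
}

function Export-EfsKey {
    # Run on the node where the data was encrypted.
    param([Parameter(Mandatory)][string]$Directory,
          [Parameter(Mandatory)][securestring]$Password)
    foreach ($cert in Get-EfsCertificate) {
        $file = Join-Path $Directory "$($cert.Thumbprint).pfx"
        Export-PfxCertificate -Cert $cert -FilePath $file -Password $Password | Out-Null
        # NotAfter tells you when the export has to be repeated.
        [pscustomobject]@{ Thumbprint = $cert.Thumbprint
                           NotAfter   = $cert.NotAfter
                           File       = $file }
    }
}

function Import-EfsKey {
    # Run on the other node, logged on with the same account.
    param([Parameter(Mandatory)][string]$Directory,
          [Parameter(Mandatory)][securestring]$Password)
    foreach ($pfx in Get-ChildItem -Path $Directory -Filter *.pfx) {
        Import-PfxCertificate -FilePath $pfx.FullName -Password $Password `
            -CertStoreLocation Cert:\CurrentUser\My
        # The .pfx holds the private key; do not leave it on the transfer share.
        Remove-Item -Path $pfx.FullName
    }
}

# Usage (the directory is a placeholder for a location both nodes can reach):
#   $pw = Read-Host -AsSecureString 'PFX password'
#   Export-EfsKey -Directory '\\server\transfer' -Password $pw   # encrypting node
#   Import-EfsKey -Directory '\\server\transfer' -Password $pw   # other node
```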

Keywords: kbclustering kbefs KB817547


© Microsoft Corporation. All rights reserved.