Asked
Updated
Viewed
13.6k times

We have about 50 workstations we use EFS (Encrypting File System) on to encrypt a SQL 2005 database. I am in the process of building a new one and when I got to the point of encrypting the database I get this error:

Recovery policy configured for this system contains invalid recovery certificate

The thing is, the certificate for the EFS account is not expired. I have tried renewing the key, I have tried getting a new one and nothing is working. According to Google, I am not alone. Certificates are not my strong suit. I do have a CA and it is issuing keys. I don't know where to go from here and I need to get this working ASAP.

Thanks in advance.

  • 0
    I looked at that. The key to that one is this: > When a client computer uses the Encrypting File System (EFS) to encrypt a file that is stored on a remote computer in a Microsoft Windows Server 2003 domain, you may receive an error message on the computer that resembles the following: The client is encrypting a local file. I can give it a shot just to rule it out. — grinch2171
  • 0
    I looked at that. The key to that one is this: When a client computer uses the Encrypting File System (EFS) to encrypt a file that is stored on a remote computer in a Microsoft Windows Server 2003 domain, you may receive an error message on the computer that resembles the following. The client is encrypting a local file. I can give it a shot just to rule it out. — grinch2171
add a comment
1

1 Answer

  • Votes
  • Oldest
  • Latest
Answered
Updated

I finally solved this mystery.

The recovery agent key was expired so I made a new one and deleted the old one and now EFS is working. Here are the steps who fix this:

  1. Open up the Default Domain Group Policy
  2. Navigate to:
    Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Encrypting File System
    
  3. Create new recovery agent key.
add a comment
1