Windows-itpro-docs: DRA certificate added to WIP policy but not found
Running cipher /c with an elevated account on a protected file returns (user name and domain obfuscated):
Compatibility Level: Enterprise Protected
Users who can decrypt: COMPANY\Username
No recovery certificate found.
Enterprise key has been revoked.
The specified file could not be decrypted.
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 16e6e551-830e-f69e-31bc-e109e5b594f4
- Version Independent ID: 3396045c-8295-b801-aba5-11a11dd62dc0
- Content: Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate (Windows 10)
- Content Source: windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
- Product: w10
- GitHub Login: @Justinha
- Microsoft Alias: justinha
Martony78
All 6 comments
@Martony78 - thank you for submitting feedback.
I think the best way forward is if you can open a service ticket so this can get resolved ASAP. Based on outcome let me know if it is something that can be called out in the docs.
Please follow this link to contact support for Windows 10 products:
https://support.microsoft.com/en-us/hub/4338813/windows-help?os=windows-10
If you don't mind please keep us posted here on the resolution and I really want to get this information you are discovering back into the docs.
mypil
on 4 Mar 2019
Ticket created on 02/27, waiting for a resolution, I’ll post it here
Martony78
on 5 Mar 2019
@AndreaBarr - This issue can be closed. Thank you.
mypil
on 5 Mar 2019
Ticket created on 02/27, waiting for a resolution, I’ll post it here
Hey Martony, I'm facing the same issue. Could you please let us know how you fixed the issue? My DRA cert that is part of our WIP policy doesn't show up in when executing cypher /c
Thanks!
Chuck-99
on 22 Nov 2019
Have a look at your Default Domain Policy registry.pol if it has an ESFBlob setting.
That was the problem in my case, an old setting from DC 2003 I had to delete manually because was not showing in the Group Policy Editor...
Martony78
on 17 Dec 2019
BTW Microsoft was unable to solve it, I had to find and resolve the issue myself.
Martony78
on 17 Dec 2019
Related issues
helloitsliam
·
3Comments
arcotek-ltd
·
3Comments
RAJU2529
·
3Comments
marcnil815
·
3Comments
thohun
·
3Comments
Most helpful comment
@Martony78 - thank you for submitting feedback.
I think the best way forward is if you can open a service ticket so this can get resolved ASAP. Based on outcome let me know if it is something that can be called out in the docs.
Please follow this link to contact support for Windows 10 products:
https://support.microsoft.com/en-us/hub/4338813/windows-help?os=windows-10
If you don't mind please keep us posted here on the resolution and I really want to get this information you are discovering back into the docs.