I do some consulting work, so for my home / home office network I'm using Windows SBS 2008 server, with Windows 7 clients on my desktop and PC.
I have user folder redirection since I've setup SBS, and things have been working fine. The Windows 7 clients used the setting correctly, and Windows setup Offline Files, and the server enables encryption of offline files.
I suddenly started having a problem where new files created in offline avaible folders (such as My Documents) would allow the file to be created, but trying to access them immediately resulted in Access denied errors. Existing files were fine.
I disabled offline files on my desktop and cleared the offline file cache completely. I re-enabled it, and try to sync My Documents again however every file now resulted in an Access Denied message. I can see the files just fine on the share, the errors are coming from the cached copies of the files.
I haven't changed anything, this problem just appeared one day.
Any ideas on how to get my offline file cache working again?
Best Answer
You may have an expired EFS Data Recovery Agent certificate for your domain.
Test if this is the case by using this procedure:
If the recovery agent isn't valid you won't be able to encrypt the file and you will receive an error indicating a problem with the recovery agent.
To resolve this issue replace the expired certificate and update Group Policy on the impacted workstations.
From the Microsoft Directory Services Team Blog:
Find the certificate
On the server, locate and open the
Default Domain Policy
navigate toComputer Configuration -> Windows Settings -> Public Key Policies -> Encrypting File System
In the right-hand pane, right-click on the expired certificate and select
All Tasks | Export
Create a new certificate
cipher /r:<filename-without-extension>
and use any password you wish when promptedImport the certificate and refresh Group Policy
Encrypting File System
, and selectAdd Data Recovery Agent
YES
if you are warned about revocation or prompted to the install the certificate.gpupdate /force
at a command promptConfirm your existing files have been updated with the new DRA certificate