EFS Recovery Agent Cannot Export Private Keys
Article ID: 259732
This article was previously published under Q259732
When you attempt to perform encrypted data recovery, the "Export Private Key" section of the Certificate Export Wizard is either skipped completely, or the Yes, export the private key option within the "Export Private Key" screen is inactive and cannot be selected. The No, do not export the private key option is the only valid selection. If the option to export the private key is inactive, the following error message is displayed:
Note: The associated private key cannot be found. Only the certificate can be exported.
Typically, the option to export the private key at the "Export Private Key" section of the Certificate Export Wizard is available.
This behavior can occur if the Administrator profile was overwritten with another user's profile. Users who belong to the local Administrator group can copy a user profile over another user's profile. This is typically done to replicate profiles with minimal effort. If this is done to the local Administrator profile, the computer no longer recognizes the administrator as a valid EFS Recovery Agent.
You may also experience this behavior if you asked the certificate server not to issue exportable certificates when you made the request. If a certificate has already been issued this way, the only way around this is to request a new certificate.
IMPORTANT: Do not delete the existing certificate until all of the data has been un-encrypted and then re-encrypted.
NOTE: The default EFS Recovery Agent of a stand-alone Windows 2000 Professional-based computer that is not a member of a domain is the local Administrator.
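To tell the two causes above apart on a current Windows system, the following added example (not part of the original article) lists certificates that carry the File Recovery enhanced key usage and reports whether a private key is linked, can be opened, and is marked exportable. It assumes PowerShell and the recovery agent's Personal store (`Cert:\CurrentUser\My`), neither of which the article mentions; the function name is hypothetical.

```powershell
# Added example: report private-key status for EFS recovery certificates.
# Assumptions: run while logged on as the recovery agent account; the
# certificate lives in that user's Personal store.
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # "File Recovery" enhanced key usage

function Get-RecoveryCertKeyStatus {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs from the certificate's extensions (plain .NET objects).
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        if ($ekuOids -notcontains $FileRecoveryOid) { continue }

        # Default: the certificate has no key link at all (certificate-only export).
        $state = 'no private key linked to certificate'
        if ($cert.HasPrivateKey) {
            try {
                # Opening the key can fail even when a link exists, for example
                # when the key container is not present in this profile.
                $info = $cert.PrivateKey.CspKeyContainerInfo
                if ($null -eq $info)      { $state = 'key present, exportable flag not readable (non-CSP key)' }
                elseif ($info.Exportable) { $state = 'key present and exportable' }
                else                      { $state = 'key present, marked non-exportable' }
            } catch {
                $state = "key linked but could not be opened: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            KeyState   = $state
        }
    }
}

Get-RecoveryCertKeyStatus | Format-List
```

A missing or unopenable key corresponds to the overwritten-profile cause, while "marked non-exportable" corresponds to a certificate that was requested without an exportable key.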
To restore the Recovery Agent's private key, use one of the following methods:
For additional information about EFS in Windows 2000, click the article numbers below to view the articles in the Microsoft Knowledge Base:
241201 (http://support.microsoft.com/kb/241201/EN-US/) HOW TO: Back Up Your Encrypting File System Private Key in Windows 2000
255742 (http://support.microsoft.com/kb/255742/EN-US/) Methods for Recovering Encrypted Data Files
223316 (http://support.microsoft.com/kb/223316/EN-US/) Best Practices for Encrypting File System
242296 (http://support.microsoft.com/kb/242296/EN-US/) How to Restore an EFS Private Key for Encrypted Data Recovery
Additional EFS-related information is available at the following Microsoft Web site: