Teknoratti
Technical User
"the selected user has no certificates suitable for encrypted file system recovery and cannot be added as a recovery agent"
This happens when I try to add a recovery agent on the DC group policy.
Steps taken thus far:
1- Added user to the EFS recovery agent template and gave appropriate perms
2- Logged into the DC as the user I wanted to give recovery agent access, then requested a recovery agent certificate so that the certificate would be stored on the DC
3- Added the user to the domain admin group thinking it might have been a user right problem.
CA was installed as an Enterprise Root CA. Inside the certificate template, the publish to Active Directory checkbox is greyed out.
I was able to circumvent this problem, however, by using the user's certificate, which I manually mapped to. However, this is not as seamless as adding users from AD.
If anyone can shed some light that would be great.