Encryption with errors

I had a task: create an encrypted folder. OK, this is easy, nothing special 🙂

The first error: I wasn't able to encrypt our folder, because I got this error message:
Recovery policy configured for this system contains invalid recovery certificate

My Recovery Agent certificate had expired.

You can solve this problem as follows:

1 – Open Group Policy Editor and edit the Default Domain Policy
2 – Click Computer Configuration, expand Policies, expand Windows Settings, expand Security Settings, expand Public Key Policies, and then click Encrypting File System
3 – Here you will see the Administrator's expired certificate
4 – Add another user, which is what I did (or enroll a new certificate for Administrator)
a – right-click Encrypting File System and click the Create Data Recovery Agent option
5 – Update group policy on the file server (cmd -> gpupdate)

Second error message:
OK, I was able to encrypt our folder, that's good, but now I couldn't add new users to the ACL who should be able to access the file.

I got this error message:
The revocation function was unable to check revocation because the revocation server was offline

I checked the CRL lists: I could download them from a browser (for example IE) and the lists were up to date. I also tried turning off the revocation check, but the problem did not disappear.

I exported my user certificate and checked it on my PC with this command:

certutil -verify -urlfetch <CA cert>.cer

On my desktop PC everything was fine, but when I ran it on the file server I saw error messages. When the server tried to read the CRL list, I saw a timeout message.

netsh winhttp show proxy

I realized that this query showed the wrong proxy address.

netsh winhttp set proxy IP-ADDRESS:80

I changed the proxy address from the old one to the new one, and voilà, I was able to add new users to the ACL.

File server: Windows Server 2012 R2
CA: Windows Server 2008 R2
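
An added example, not part of the original post: a PowerShell check that reports an exported certificate's expiry date and tries to download each HTTP CRL it lists through the WinHTTP stack that netsh winhttp configures, which is the path that timed out on the file server while the browser still worked. $CertPath is a hypothetical parameter name for the exported .cer file.

```powershell
# Added example (not from the original post).
# $CertPath is a hypothetical parameter: path to an exported .cer file.
param([Parameter(Mandatory)][string]$CertPath)

$path = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# First error in the post: an expired certificate. Report the expiry date.
$state = if ($cert.NotAfter -lt (Get-Date)) { 'EXPIRED' } else { 'valid' }
"Subject : {0}" -f $cert.Subject
"Expires : {0} ({1})" -f $cert.NotAfter, $state

# Second error in the post: show the machine-wide WinHTTP proxy.
netsh winhttp show proxy

# CRL Distribution Points extension (OID 2.5.29.31). Only http(s) URLs are
# tested; ldap:// entries are skipped because WinHttpRequest is HTTP-only.
$cdp  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
$urls = @()
if ($cdp) {
    $urls = [regex]::Matches($cdp.Format($true), 'URL=(https?://\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}
if (-not $urls) { 'No HTTP CRL distribution points found in this certificate.' }

foreach ($url in $urls) {
    $req = New-Object -ComObject WinHttp.WinHttpRequest.5.1
    $req.SetProxy(0)                           # 0 = use the configured WinHTTP proxy
    $req.SetTimeouts(5000, 5000, 5000, 10000)  # resolve, connect, send, receive (ms)
    try {
        $req.Open('GET', $url, $false)
        $req.Send()
        "{0}  ->  HTTP {1}" -f $url, $req.Status
    } catch {
        # A timeout here with a working browser points at the WinHTTP proxy.
        "{0}  ->  FAILED: {1}" -f $url, $_.Exception.Message
    }
}
```

Run it on both the desktop PC and the file server and compare the results.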