cannot decrypt files following server upgrade

Brian Kerr (Telecomms) 96 Reputation points


Server 2012R2 was upgraded to server 2019, now AD users cannot decrypt files. If i restore the original 2012r2 server files can be decrypted no problem, so what has happened to stop this?


Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,443 questions
Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,526 questions
0 comments No comments
{count} votes

Accepted answer
  1. Brian Kerr (Telecomms) 96 Reputation points

    it was using EFS, for each of the users who had encrypted their files, there was a logon profile on the upgraded server . I dont know how this got their, but anyway if i gave them temporary logon rights to the server itself they could then decrypt the files as that user. It was something to do with them having a key??? (i dont know much about Encryption) under
    %Appdata%\Roaming\Microsoft\SystemCertificates\My\Certificates (i think) which obviously didn't exist on their new profiles

    thanks for the replies

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Thameur-BOURBITA 32,496 Reputation points


    Can you tell us more about the technologies used for file encryption ?

    0 comments No comments

  2. Carl Fan 6,836 Reputation points

    You mean that you're using Bitlocker or EFS.
    After we upgraded the system version, could you enter Bitlocker recovery key or EFS file encryption certificate and key to decrypt?
    Hope this helps and please help to accept as Answer if the response is useful.
    Best Regards,

    0 comments No comments