

synchronizing offline encrypted files

By LauraA
I have my mobile users' laptops set to synchronize on logon and logoff, and their offline files are encrypted. They have been getting messages when synching: "offline files (servername\storage on servername): unable to make 'filename' available offline on 'networkpath'. Access is denied." When I look in their offline files, the files they have created when offline are not marked with the synchronizing icon, and these files do not show up in their network folders. The users are at SP2 plus any security updates. The docs are mostly Word and Excel files.

I tested with the user being both a power user (default) and administrator. I tested a doc saved online, but it did not show up offline, and did not have the offline icon on it. Her My Documents, which is set to her network folder, is set to be synched and encrypted.

What is not working here?


by LauraA In reply to synchronizing offline enc ...

I just removed the encrypt offline files option from her network folder, logged out, and didn't get any of the error messages that had occurred.

All of the files that were created offline, that were not marked to be synched, now are, and available both online and off.


by BFilmFan In reply to synchronizing offline enc ...

Were the files encrypted with Microsoft's EFS or some third-party product?


by LauraA In reply to

MS - the folder options for the network folder are set to enable offline files, synch on log on and log off, and encrypt offline files; well, the offline files are not set anymore to encrypt, but they were.


by LauraA In reply to synchronizing offline enc ...


COME ON!!!! Someone out there must have some idea why I can't both encrypt and synchronize my network files. We are only talking Word and Excel docs for the most part.


by jm In reply to synchronizing offline enc ...

I apologize if I am being too literal, but you said that 'encrypt' is set on the network folder.

If you choose to 'encrypt' a network folder by going into its folder properties, then users will not be able to synch with it. Encrypting a network folder this way protects you in the case that someone walks out of your company with the file server in their pocket and then brings up the disk drives on a different computer to steal the files. They can't access the files without a user account or an administrator account. Obviously, unless you are running a field command in Iraq, your actual risk level here may not be very high.

If what you want to do is encrypt the synch stuff that people are carrying around on their laptop, the way to do this is to go into control panel on the user's computer, Folder Options -> Offline Files -> then check Encrypt Offline Files to Store Data. Then if they lose the laptop, and someone does not have the XP password, they can't read the files in offline folders.

If I'm being too literal here and this is unhelpful then please explain to me why you are doing this and I might have a better answer for you in my comments.


by LauraA In reply to

It is their offline files that are set to be encrypted ...... Also, it did synch the files until they made changes or added new files on the network share. On log off, these files are the ones being noted with the error message that they cannot be made available offline. As soon as I unselected the encrypt offline files option, in folder options, offline files, these files were then able to be synchronized on log on and log off.


by pclemente2 In reply to synchronizing offline enc ...

Could you tell me what Group Policies are in place? Locally and possibly from your network. Also, your server OS: 2000 / 2003? I have seen them behave differently. DES: is it the same on both sides?

From Microsoft:

You can think of encryption as locking something valuable into a strong box with a key. Sensitive data is encrypted by using an encryption algorithm and a key, which renders it unreadable without the knowledge of the key. Data encryption keys are determined at connect time between the connecting computers. The use of data encryption can be initiated by your computer or by the server you are connecting to.

Network Connections supports two types of encryption:

- Microsoft MPPE, which uses RSA RC4 encryption.

- An implementation of Internet Protocol security (IPSec) that uses Data Encryption Standard (DES) encryption.

Both MPPE and IPSec support multiple levels of encryption, as shown in the following table.

Encryption type: Level of encryption supported
MPPE Standard: 40-bit, 56-bit
MPPE Strong
IPSec Triple DES

Don't know if this will help or put you on the right track... Best of luck


by dimitri.sophos In reply to synchronizing offline enc ...

The closest I have come to resolve is as follows:

The most common issue in using EFS is the association of the file and the certificate used to encrypt the file. If the user or DRA does not have the private key associated with the certificate identified in the file's advanced details, the user will not be able to open the file.

The most common error a user will receive is "access denied". To easily determine which certificates were used to encrypt the file, select the advanced details button of the file properties. Both the user that can decrypt the file and the DRA that can recover the file are listed, along with the certificate thumbprint of the certificates used to encrypt the session key for the file. The second most common issue is that a server is not trusted for delegation when trying to encrypt or decrypt a file on a remote server. Additional issues that may result involve the use of an improper cryptographic service provider (CSP) or invalid certificate extensions required by EFS.


by dimitri.sophos In reply to synchronizing offline enc ...

In addition to my earlier posting, I came across the following...

Access is denied possible causes:

1. The file is encrypted by another user.
2. You do not have the appropriate NTFS permission.
3. On network disks, the server account must be allowed for delegating.
4. Your profile, certificate or private key is not available.
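
Added example (not part of the thread and not Microsoft's own tooling): a PowerShell check for the certificate-related "access denied" causes named in the two posts above, given the thumbprint shown in a file's advanced encryption details. It assumes a system with PowerShell available; the function name `Test-EfsCertificate` and the sample thumbprint are made up for illustration.

```powershell
# Added example: Test-EfsCertificate and the sample thumbprint are hypothetical.
function Test-EfsCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [string] $Thumbprint
    )

    $efsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage

    # Thumbprints copied from a dialog often carry spaces or hidden characters.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $cert = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $tp } |
        Select-Object -First 1

    $result = [pscustomobject]@{
        Thumbprint    = $tp
        InUserStore   = [bool]$cert
        HasPrivateKey = $false
        AllowsEfs     = $false
        Verdict       = 'Certificate not in this profile: encrypted by another user, or profile/certificate unavailable'
    }
    if (-not $cert) { return $result }

    # A certificate with no EKU extension is not restricted to particular purposes.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $result.AllowsEfs = (-not $eku) -or
        [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsOid })
    $result.HasPrivateKey = $cert.HasPrivateKey

    $result.Verdict = if (-not $result.HasPrivateKey) {
        'Private key missing: this user cannot decrypt the file'
    } elseif (-not $result.AllowsEfs) {
        'Certificate extensions do not permit EFS'
    } else {
        'Certificate and key are usable: check NTFS permissions and server delegation next'
    }
    return $result
}

# Constructed sample thumbprint, as it might be pasted from the file's advanced details.
Test-EfsCertificate -Thumbprint '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'
```

Run it as the affected user, since it reads that user's personal certificate store.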


Did you ever get a satisfactory solution?

by epilote In reply to synchronizing offline enc ...

I found your post while searching for an answer to the exact same issue you were facing last year. If you found a solution to your issue, I'd sure love to hear what it was.
