in my organization, i have a deadline to deploy EFS using AD CS, and i am working with a singlewindows server 2003 box, which is the Root CA, and is the same server responsible to certificate enrollment. All configuration, enrollment, issuance etc. works well, except, after creating a file and encrypting it, only the file creator and the recovery agent can access that file. others get an "Access Denied" error, even after adding their certificate to the file.
I have recreated the same scenario over and over again using a virtual environment(vmware) and itworks perfectly, But when i apply the same steps in the real server, all works except the part where other users get the "Access Denied" error when trying to access files encrypted.
Am i doing something wrong? what could be the possible reason for this? please if you need any detail, ask me. thanks