Backup fails due to files being encrypted

Have you tried moving the files to another share and have the nas to have a full access to it? There is a possiblity that a permission preventing it the nas to perform the copy command. Please also post the backup job log. Thanks.

By another share, you are implying a different directory on my work PC? I'm sure that would solve the issue since a directory outside of My Documents, Desktop and Outlook would not have a group policy for encrypting those files by default. For example, my favorites works just fine but of course are not encrypted. I cannot move the Desktop/Outlook directories which means I still don't have a complete working solution. I actually thought it was a setting on the individual files themselves but it's completely related to the digital signing by my digital certificate. For example, I unenrypted all the files last week and those copied over just fine. However, those are now encrypted (policy push) and don't propose a problem unless changed. However, the new files I created since are not copied over. I cannot provide the specific log as the data in nature is sensitive and hence the default encryption policy. That being said, here is what I see for the files that fail:

cp: cannot open '/job_007//path' for reading: Permission denied

As you pointed out, the copy command fails. I guess what I don't understand is why it needs to open when it just needs to copy them. I may be missing something here about the copy function though. :?

Encryption shouldn't be a problem since all the backup job sees is data, it doesn't care what's in the file. My guess is that whatever is doing the encryption is giving the output file a set of permissions that prevent the NAS from reading the file. When you decrypt the file, you're probably writing the file with permissions that allow the NAS to read. The first thing I'd do is compare the permissions on an encrypted file to that of a decrypted file.

ewok wrote:

Encryption shouldn't be a problem since all the backup job sees is data, it doesn't care what's in the file. My guess is that whatever is doing the encryption is giving the output file a set of permissions that prevent the NAS from reading the file. When you decrypt the file, you're probably writing the file with permissions that allow the NAS to read. The first thing I'd do is compare the permissions on an encrypted file to that of a decrypted file.

I compared two files, one encrypted and one unencrypted and see no descripencies between the permissions. I then found this: http://technet.microsoft.com/en-us/library/bb457116.aspx#EFAA

Scroll down to Considerations for Sharing Encrypted Files and look specifically at #3.

Namely:

3.EFS sharing requires that the users who will be authorized to access the encrypted file have EFS certificates. These certificates can be located in roaming profiles or in the user profiles on the computer on which the file to be shared is stored, or they can be stored in and retrieved from Active Directory.


I did save the self-signing certificate from the NAS to the root folder for IE which gets rid of its annoying warning upon login. I also exported it from there and tried to import it into the personal folder so I could add the NAS's certificate as a user allowed read access. Unfortunately, even though it shows successful on the import the certificate is never shown under the user profiles. It's most like due to the NAS not being a legit user in the Active Domain.

Any other ideas? I'm beginning to think the best approach is to move My Documents to a folder on C drive and repoint all the email archives to a non-system-root folder for Outlook. I'm unable to change the group policies but this would side step the encryption for all but the Desktop.