Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You cannot decrypt data after you encrypt it by using CredLocker in Windows 8.1 or Windows Server 2012 R2

You cannot decrypt data after you encrypt it by using CredLocker in Windows 8.1 or Windows Server 2012 R2

View products that this article applies to.

Symptoms

Consider the following scenario:

  • You enable a Work Folders service on a file server that is running Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2 in a domain.
  • You create credentials in the CredLocker tool to encrypt data on the file server.
  • You change the password of your domain account on a computer, and then you log on to another computer by using the new password in the same domain.
In this scenario, the credentials in the CredLocker tool become corrupted. Therefore, you cannot access the data on the file server.

↑ Back to the top

Cause

This issue occurs because the Data Protection API (DPAPI) cannot recover a key that calls MasterKey from a domain controller after a password is changed on a domain-joined computer.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about software update terminology, see the Description of the standard terminology that is used to describe Microsoft software updates.

↑ Back to the top

Keywords: kb, kbqfe, kbfix, kbsurveynew, kbexpertiseadvanced

↑ Back to the top

Article Info
Article ID : 2987135
Revision : 1
Created on : 1/7/2017
Published on : 11/18/2014
Exists online : False
Views : 212