When a user encrypts a file stored on a Windows file server the actual encryption of the file occurs on the server. To accomplish this, a special profile is created on the server in order to create and store an EFS (Encrypting File System) encryption key on behalf of the user. Thereafter, each time the user accesses their encrypted files on the server, this special profile is loaded on behalf of the user, and the previously created encryption key is used.
Issue: These special user profiles are not migrated when a Windows file server is upgraded to Windows Server 2008. When a user attempts to access their encrypted files, the upgraded file server does not see a special profile for that user and subsequently invokes the creation of a new special profile, with new EFS encryption keys. These new keys are now different than the original keys for the user, and therefore the decryption of previously encrypted files fails.
Read more about it
here and download the tool from
here.
