Issue opening files created in Windows EFS directory from UNIX clients over the NFS connection from Windows Server 2008 R2

In the recent past, we have had multiple customers reporting that files were getting corrupted in the following scenario: files created in a Windows EFS directory from UNIX clients over an NFS connection.

The environment in question was Windows Server 2008 R2 as the NFS server and a Linux machine as the NFS client.

Through our troubleshooting and research we found that the issue is due to the way user token impersonation is done in Windows Server 2008/2008 R2. This behavior is by design. In addition, we found another very important piece of information about the EFS and NFS combination: when EFS is used, files and folders created from UNIX NFS clients can only be accessed from UNIX NFS clients. The corresponding Windows/AD users will not be able to access them, either locally on the Windows system or over the network, as long as they remain encrypted. This is by design in the Server for NFS component in Windows Server 2008 and Windows Server 2008 R2.

For example, if we create a file from a UNIX client on an EFS-enabled NFS share, you would observe the information below in the properties of the file. This is why the mapped AD user is unable to open the file on the Windows NFS server.

Hence, to conclude, EFS over NFS has not been tested and is not recommended. Using BitLocker would be a better option to secure the environment.
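To check whether an export is already affected by the behavior described above, the following PowerShell script (an added example, not part of the original post) walks an NFS export on the Windows NFS server, flags EFS-enabled directories, and for each EFS-encrypted file uses cipher.exe /c to show which accounts hold a decryption certificate. The export root C:\nfsexport is a placeholder, the script is written for PowerShell 2.0 so it runs on Windows Server 2008 R2, and the parsing of cipher.exe output assumes the English "Users who can decrypt" header.

```powershell
# Added audit script (not from the original post). $ExportPath is a placeholder;
# cipher.exe ships with Windows. PowerShell 2.0 syntax (no -File/-Directory switches).
param([string]$ExportPath = 'C:\nfsexport')   # placeholder: real NFS export root

$efs = [System.IO.FileAttributes]::Encrypted

$children = Get-ChildItem -Path $ExportPath -Recurse -Force -ErrorAction SilentlyContinue

# A directory flagged Encrypted makes every file an NFS client creates in it
# EFS-encrypted under the NFS user's impersonation token, which is the
# condition the post describes.
$dirs = @(Get-Item -Path $ExportPath) + @($children | Where-Object { $_.PSIsContainer })
foreach ($d in $dirs) {
    if ($d.Attributes -band $efs) {
        Write-Warning "EFS enabled on directory: $($d.FullName) (files created here over NFS will be encrypted)"
    }
}

# Files that are already EFS-encrypted on the export.
$files = $children | Where-Object { -not $_.PSIsContainer -and ($_.Attributes -band $efs) }

if (-not $files) {
    Write-Host "No EFS-encrypted files under $ExportPath"
    return
}

foreach ($f in $files) {
    $owner = (Get-Acl -Path $f.FullName).Owner
    Write-Host "`nEncrypted: $($f.FullName)  (NTFS owner: $owner)"

    # cipher /c lists the certificates that can decrypt the file. Print only that
    # section so it is easy to see whether the mapped AD account is among them;
    # for files created through Server for NFS it typically is not.
    $out = & cipher.exe /c $f.FullName 2>&1
    $inUsers = $false
    foreach ($line in $out) {
        if ($line -match 'Users who can decrypt') { $inUsers = $true; continue }
        if ($inUsers -and $line -match '^\s*$') { break }   # section ends at blank line
        if ($inUsers) { Write-Host "    $line" }
    }
}
```

Run it in an elevated PowerShell on the NFS server; any directory reported as EFS-enabled is one where NFS-created files will not be readable by the mapped AD user, which is the situation the post recommends avoiding.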