I have a user whose profile became corrupted and lost EFS keys on recreation of profile. I have a valid EFS Recovery policy in the domain. I have logged on as an administrator, imported the recovery key PFX (public AND private keys both and double checked). I checked the file for recovery agents and matched the thumbprint to my key in the certificate store. They match. So my admin account has the private key imported (which seems to be the most common mistake). Yet, I still cannot decrypt the files. I get access is denied every time. I also checked NTFS permissions and those are correct. The recovery key is valid and is not revoked. The certification path is all green checkmarks. Everything seems to be in place for a recovery of the data. But it's not working.
What am I missing?