I have a Win 7 Ultimate desktop machine (server) and a Win 7 Pro laptop (client) on a workgroup network. Both client and server machine have an administrator user account of the same name, with the same password.
On the server machine are several network shares. The administrator account has access to all shares, and is the owner of the shares. One of the shares is encrypted with EFS.
From the client machine I can read files in the EFS share and modify and save files in the share. But for some reason I cannot move files to the share or create new files in the share. Any attempt to do so fails with the error "You need permission to perform this action."
For a single attempt to create a file in the share, the server's Event Viewer security log reports about 50 errors identical to this one.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/06/2011 13:01:53
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: Bob-Server
Description:
Cryptographic operation.
Subject:
Security ID: Bob-Server\Bob
Account Name: Bob
Account Domain: Bob-Server
Logon ID: 0x23ac9a
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: 0275500c-4fdf-4ac8-85e1-3eb01ab7f5c7
Key Type: User key.
Cryptographic Operation:
Operation: Open Key.
Return Code: 0x8009000b
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2011-06-12T12:01:53.260876000Z" />
<EventRecordID>6375</EventRecordID>
<Correlation />
<Execution ProcessID="588" ThreadID="1148" />
<Channel>Security</Channel>
<Computer>Bob-Server</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-2383235112-229054839-1289256265-1001</Data>
<Data Name="SubjectUserName">Bob</Data>
<Data Name="SubjectDomainName">Bob-Server</Data>
<Data Name="SubjectLogonId">0x23ac9a</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">RSA</Data>
<Data Name="KeyName">0275500c-4fdf-4ac8-85e1-3eb01ab7f5c7</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x8009000b</Data>
</EventData>
</Event>
This is a problem as it is preventing the correct operation of synchronisation software.
As far as I can tell this doesn't appear to be due to the configuration of the share; all non-encrypted shares work fine. I tested encrypting an existing share. Prior to being encrypted I could create new files in the share; after encrypting the share I can no longer create new files there.
As I understand it, transferring each machine's EFS encryption keys and certificate to the other should not be necessary (since it is the same user accessing the file), and this appears to be borne out by the fact that I can read and modify files no problem. Nevertheless I have tried this anyway but it made no difference.
I have seen no mention of this behaviour in any of the EFS documentation I've read. Does anyone know why this might be happening or can point me to some info that might explain the problem please?
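Added example (Python, not code from the question or the answer): a parser for the 5061 Event XML quoted above that decodes the message-table placeholders (%%2500 = "User key.", %%2480 = "Open Key.") and the return code 0x8009000b (NTE_BAD_KEY_STATE), then flags the burst of dozens of identical Open Key failures per logon session and key that one file-create attempt produces. The sample records are constructed from the event above; the key name and logon id are placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
AUDIT_FAILURE = 0x0010000000000000  # Keywords bit that marks an "Audit Failure" record
PLACEHOLDERS = {"%%2500": "User key.", "%%2480": "Open Key."}  # message-table strings from the event above
RETURN_CODES = {"0x8009000b": "NTE_BAD_KEY_STATE"}  # "Key not valid for use in specified state"
# Constructed record modelled on the question's Event XML (key name and logon id are placeholders)
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>{eid}</EventID><Keywords>{kw}</Keywords><Computer>Bob-Server</Computer></System>
<EventData><Data Name="SubjectUserName">Bob</Data><Data Name="SubjectDomainName">Bob-Server</Data>
<Data Name="SubjectLogonId">0x23ac9a</Data><Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">RSA</Data><Data Name="KeyName">{key}</Data><Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data><Data Name="ReturnCode">{rc}</Data></EventData></Event>"""

def parse_5061(xml_text):
    """Decode one Security event; return triage fields, or None unless it is a 5061 audit failure."""
    root = ET.fromstring(xml_text)
    sysm = root.find("e:System", NS)
    if sysm.findtext("e:EventID", namespaces=NS) != "5061":
        return None
    if not int(sysm.findtext("e:Keywords", namespaces=NS), 16) & AUDIT_FAILURE:
        return None
    data = {d.get("Name"): d.text for d in root.find("e:EventData", NS)}
    return {
        "user": data["SubjectDomainName"] + "\\" + data["SubjectUserName"],
        "logon_id": data["SubjectLogonId"],
        "key": data["KeyName"],
        "key_type": PLACEHOLDERS.get(data["KeyType"], data["KeyType"]),
        "operation": PLACEHOLDERS.get(data["Operation"], data["Operation"]),
        "rc": RETURN_CODES.get(data["ReturnCode"].lower(), data["ReturnCode"]),
    }

def efs_key_open_bursts(xml_records, threshold=20):
    """Count Open Key/NTE_BAD_KEY_STATE failures per (user, logon, key); dozens per file op is the symptom above."""
    hits = Counter()
    for rec in xml_records:
        ev = parse_5061(rec)
        if ev and ev["operation"] == "Open Key." and ev["rc"] == "NTE_BAD_KEY_STATE":
            hits[(ev["user"], ev["logon_id"], ev["key"])] += 1
    return {k: n for k, n in hits.items() if n >= threshold}

def demo_records():
    """Constructed log: 50 failures for one key, then an audit success and an unrelated non-5061 event."""
    key = "00000000-0000-0000-0000-000000000000"  # placeholder key name
    recs = [SAMPLE.format(eid=5061, kw="0x8010000000000000", rc="0x8009000b", key=key) for _ in range(50)]
    recs.append(SAMPLE.format(eid=5061, kw="0x8020000000000000", rc="0x0", key=key))  # Audit Success
    recs.append(SAMPLE.format(eid=4624, kw="0x8020000000000000", rc="0x0", key=key))  # logon event, ignored
    return recs
```

Running `efs_key_open_bursts(demo_records())` reports the single session/key pair with its 50 failures, which is the pattern to look for when correlating one failed create on an EFS share with the security log.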
On a stand-alone setup, EFS cannot be used on shared directories (at least over SMB). According to Microsoft, at least the server must be part of an Active Directory domain.
(Since Windows is able to authenticate using Kerberos without being in an AD domain, it may be possible to hack something up for EFS to work, but I cannot test it right now. I might update the answer later...)