Knowledge

ERROR_CS_ENCRYPTION_FILE_NOT_CSE - 6021 (0x1785)

The SMB client requested a CSE FSCTL on a non-CSE file.

Updated: Feb 21, 2026

Technical Background

The error code ERROR_CS_ENCRYPTION_FILE_NOT_CSE (6021) is a specific Windows API error that indicates an attempt by the SMB client to perform a CSE (Client-Side Encryption) operation on a file that does not support such encryption. This error typically arises in scenarios where the client expects the server or the file system to handle encryption, but the underlying resource fails to meet this expectation.

Error Details

The error ERROR_CS_ENCRYPTION_FILE_NOT_CSE (6021) is generated when an SMB client requests a CSE FSCTL operation on a file that does not support Client-Side Encryption. This can occur in various scenarios, such as attempting to encrypt or decrypt files using the CSE API, where the file system or the file itself does not have the necessary capabilities.

Common Causes

  • Unsupported File Type: The file being operated on is of a type that does not support Client-Side Encryption. For example, certain file formats or types may be incompatible with CSE operations.
  • File System Limitations: The underlying file system does not support CSE operations. This can include file systems that do not have the necessary features to handle encryption at the client side.
  • Client-Side Configuration: Incorrect configuration of the client-side settings for CSE, leading to an expectation that a non-CSE file will be processed as if it were CSE-capable.

Real-World Context

This error is commonly encountered in environments where Client-Side Encryption is enabled and expected. For instance, when using Windows Server 2016 or later with the Storage Spaces Direct feature, which supports CSE for data protection. If a client attempts to perform an operation on a file that does not support CSE, this error will be returned.

Is This Error Critical?

The criticality of this error depends on the specific context in which it occurs. In general, if Client-Side Encryption is required for security reasons, encountering this error can indicate a misconfiguration or an unsupported file type. However, in environments where CSE is not mandatory, this error may be less critical and could simply require adjusting the operation context.

How to Diagnose

  1. Review Operation Context: Ensure that the client-side settings for CSE are correctly configured and that the operation being performed aligns with the expected file type and encryption requirements.
  2. Validate Parameters: Verify that all parameters passed to the FSCTL operation are correct and appropriate for the file in question.
  3. Confirm Object Types: Confirm that the file or directory being operated on supports CSE operations. Check the file system attributes and properties to ensure compatibility with Client-Side Encryption.
  4. Verify Input Data: Ensure that the input data is valid and does not contain any corruption that could affect encryption operations.

How to Resolve

  1. Correct Parameter Usage: Adjust the parameters passed to the FSCTL operation to match the capabilities of the file or directory being operated on.
  2. Adjust Operation Context: If the client-side settings are incorrect, adjust them to ensure compatibility with the file type and encryption requirements.
  3. Restore Data: If data corruption is suspected, restore the file from a backup or correct any issues that may be preventing proper operation.
  4. Retry Operation with Valid Inputs: Attempt the operation again using valid inputs and ensuring all prerequisites are met for CSE operations to succeed.

Developer Notes

Developers should ensure that their applications handle this error gracefully, providing appropriate feedback to users or logging the issue for further investigation. Additionally, it is important to document the specific file types and configurations that support Client-Side Encryption to avoid such errors in future development cycles.

Related Errors

  • ERROR_CS_ENCRYPTION_REQUIRED (6020): Indicates a scenario where encryption is required but not supported by the client or server.
  • ERROR_CS_NO_PROTECTION (6019): Occurs when no protection is available for a file, which may be related to CSE operations failing due to unsupported file types or configurations.

FAQ

Q: What does the error ERROR_CS_ENCRYPTION_FILE_NOT_CSE mean?

A: This error indicates that an attempt was made to perform a Client-Side Encryption operation on a file that does not support such encryption.

Q: How can I prevent this error from occurring?

A: Ensure that the files and directories being operated on are compatible with CSE operations, and verify that client-side settings are correctly configured for CSE.

Summary

The error ERROR_CS_ENCRYPTION_FILE_NOT_CSE (6021) is a specific Windows API error indicating an attempt to perform Client-Side Encryption on a file that does not support such encryption. This error can be diagnosed and resolved by reviewing the operation context, validating parameters, confirming object types, and verifying input data. Proper handling of this error in applications ensures smooth operation and avoids potential security issues.