Our PKI is Windows 2016 with ADDS forest/domain functional level at 2008 R2. When attempting to encrypt a file on a Domain joined Windows 2008 (not R2!) machine we received the following:
'Element not found'
Our recovery agent is in place and we have no issues on Windows 2008R2 or above. From troubleshooting this only occurs isKSP is used as the cryptographic providerin the PKI template. If we use the legacy provider in the template the file encrypts without issues.