Problem with root certificate update

Posted on 2009-12-30
Last Modified: 2012-05-08
On all our XP machines the event log is getting pounded with the following error.

Event Type:      Error
Event Source:      crypt32
Event Category:      None
Event ID:      8
Failed auto update retrieval of third-party root list sequence number from: <> with error: The specified server cannot perform the requested operation.

After researching the problem a bit, it looks like it most likely stems from the fact that we have Windows Update turned off as we use WSUS.  Does this mean we have to disable the Update Root Certificates component on all the machines?  Is this something we can push with WSUS without having to disable the root cert update?
Question by:rufustmac
    LVL 11

    Expert Comment

    Have you tried this:

    1. In Control Panel, double-click Add/Remove Programs.
    2. Click Add/Remove Windows Components.
    3. Click to clear the Update Root Certificates check box, and then continue with the Windows Components Wizard.

    This could also happen if some certificates at Microsoft have expired and need updates. Then the problem will disappear after some hours or days.
    LVL 47

    Accepted Solution

    Use "Turn off Automatic Root Certificates Update"
    LVL 31

    Assisted Solution

    The above information is likely to be the solution (to turn off auto root updates - this can be done via GPO - you may need the IE add-in template, etc.); here is a little bit of an explanation.

    Root certificate updates do indeed go through Windows Update, so disabling that will prevent the root certificates from being updated.  Manual installation packages are available from here:

    You should disable the automatic root certificate update as suggested to prevent errors.

    Another possibility if Windows Update was enabled is if the Microsoft root certificate that manages Windows Update had expired.  Since you have updates blocked, I would not imagine this to be the case, and this issue is a couple years old now so does not come up frequently.  Likewise, other issues that could block access to updates could be the cause, such as malware, etc., but again nothing to worry about in your case for this issue.

    If this is only happening on one or a couple machines, it may be that the client was accessing a secured website that had a certificate that was not already trusted and is trying to check for an updated list to see if it should be trusted now.  For XP, it would need to download the whole list, for Vista and newer it would only download the necessary new root cert.

    Author Closing Comment

    Thanks, we turned it off via GPO and it's working fine now.
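
One way to confirm on a client that the policy from the accepted solution has applied and that the crypt32 Event ID 8 errors have stopped. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later is installed, that the policy is stored as the DWORD value DisableRootAutoUpdate under HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot, and a 24-hour look-back window chosen for illustration.

```powershell
# Added example: check the "Turn off Automatic Root Certificates Update" policy
# and count recent crypt32 Event ID 8 errors on the local machine.
# Assumption: the policy is the DWORD DisableRootAutoUpdate under the key below.
$policyKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policyName    = 'DisableRootAutoUpdate'
$lookbackHours = 24   # illustrative window, adjust to your GPO refresh interval

function Get-RootAutoUpdatePolicy {
    # Returns 'NotConfigured' when the key or value is absent (policy not applied).
    $prop = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($prop -eq $null)           { return 'NotConfigured' }
    if ($prop.$policyName -eq 1)   { return 'AutoUpdateTurnedOff' }
    return 'AutoUpdateAllowed'
}

function Get-Crypt32UpdateErrors {
    param([int]$Hours)
    $since = (Get-Date).AddHours(-$Hours)
    # Get-EventLog works on XP; "no matches" is a non-terminating error, so silence it.
    $entries = Get-EventLog -LogName Application -Source crypt32 -EntryType Error `
                            -After $since -ErrorAction SilentlyContinue
    $entries | Where-Object { $_.EventID -eq 8 }
}

$policy = Get-RootAutoUpdatePolicy
$errors = @(Get-Crypt32UpdateErrors -Hours $lookbackHours)   # @() copes with zero or one hit

$lastSeen = $null
if ($errors.Count -gt 0) {
    $lastSeen = ($errors | Sort-Object TimeGenerated | Select-Object -Last 1).TimeGenerated
}

# One summary object per machine, easy to collect into a CSV from a logon script.
New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    Policy          = $policy
    Event8Count     = $errors.Count
    LastEvent8      = $lastSeen
    StillFailing    = ($policy -ne 'AutoUpdateTurnedOff' -or $errors.Count -gt 0)
}
```

With the policy in place the trusted root list on these machines no longer refreshes by itself, so new roots have to be distributed another way, such as the manual installation packages mentioned in the assisted solution.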
