Root Certificate in Windows 7 does not have all Certificates

I have installed Windows 7 in a couple of computers and I have the same problem in all of them, it started with windows update not working, and the error pointed me to Microsoft article that says the problem is with date and time, but that wasn't the problem because I've checked everywhere, then i noticed that when i go to secure sites I always get the message "There is a problem with this website's security certificate", now these sites are well known sites, for example: https://login.yahoo.com, https://www.gmail.com and https://www.mesh.com.
http://i31.photobucket.com/albums/c399/AmtTaz/IT/IE.png

I used different Windows 7 version, some of the Windows edition used: Enterprise x64, Ultimate x32 and Ultimate x64 and all had the same problem. And I have been using Windows 7 Enterprise x64 edition in another location with no problems.

After a couple of failed attempts I checked my computer certificate: mmc > Add/Remove Snap-in > Certificates > Trusted Root Certification Authorities  > Certificates, and I had the following Certificates (image is also available in the attachment):
http://i31.photobucket.com/albums/c399/AmtTaz/IT/TrustedRootCertificationAuthorit-2.png

So i went to Microsoft and downloaded:
"Update for Root Certificates [November 2009] (KB931125)"
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=19c4ae49-1127-4537-9e91-35f81d20bce6

And this solved this problem for me, now I can access any secure sites normally and use Windows Update and mesh normally.

But my question is why this is happening in the first place. I have been using Windows 7 since August and I've never faced this kind of problem, the only different variable is the environment, because this is the first time I am using Windows 7 in this environment, but I used Vista and XP before in this environment and never seen this problem.
Also there is a small different which I don't think it had any effect, but in the environment that has the problem all the computers are "HP Compaq dx7500 Microtower"

Also this is my certificates from my working computer.
http://i31.photobucket.com/albums/c399/AmtTaz/IT/TrustedRootCertificationAuthorities.png
TrustedRootCertificationAuthorit.png
aaltayebAsked:
Who is Participating?
 
BitsBytesandMoreConnect With a Mentor Commented:
You hit the nail in the head. I don't remember you mentioning the proxy server when I asked you: ".....You haven't gone into details on what you mean by "....the only different variable is the environment, because this is the first time I am using Windows 7 in this environment..." .... If you did .... I apologize. I can't see it.
The problem is with the proxy server. Remember ... the proxy server requests "..on behalf of.." by definition.
I'm glad to hear that you have solved the problem.
Bits ...
0
 
BitsBytesandMoreCommented:
You haven't gone into details on what you mean by "....the only different variable is the environment, because this is the first time I am using Windows 7 in this environment..." but whatever it is, regardless, you must be aware that as opposed to previous versions of Windows, Microsoft now asks you beforehand if you want to download the latest updates before installing Windows 7.....
I'm assuming, and I don't know this for a fact, that because of all the work with the "Microsoft Root Certificate Program" .... (every month coming out with new updates) ..... Windows 7 needs to download the latest certificates to work correctly....
I just saw for example the Root Certificates for November 2009 come into one of my XP machines and I wouldn't be surprised to see the December 2009 and even the January 2010 coming in at any moment.
More and more commercial and government entities are enhancing their security .... this is just the future getting in your way....
I am attaching a .pdf I was reading regarding the activity going on with the Microsoft Root Certificate Program in case you want to dig deeper into it.....
I hope this helps answer your question....
Bits...

windows-root-certificate-program.pdf
0
 
BitsBytesandMoreCommented:
Forgot the link to the Root Certificate Program.... http://technet.microsoft.com/en-us/library/cc751157.aspx
 
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
aaltayebAuthor Commented:
Maybe i got ahead without explaining.
My initial problem was Windows Update giving me an error (80072F8F) when i try to update Windows 7 from Microsoft, same error in all Windows 7 but not in other Windows (XP and Vista), and here is the error.
http://i31.photobucket.com/albums/c399/AmtTaz/IT/Update80072F8F.png


I was trying to figure out the problem when i saw the Certificate error in IE, and when i installed the "Update for Root Certificates [November 2009] (KB931125)", i was able to update my Windows.

One more thing the "Update for Root Certificates [November 2009] (KB931125)" is designed for Windows XP, so if this was happening in Windows XP then maybe it was normal, but this is happening in 7, also I have WSUS in this environment and the Root Certificates update is approved in WSUS but it will only be deployed to Windows XP, I can update from WSUS but cannot from Microsoft.

Because all of that I asked my question about Root Certificate.
Update80072F8F.png
0
 
BitsBytesandMoreCommented:
Hi aaltayeb, thanks for the feedback.
Regarding your question: ".....But my question is why this is happening in the first place. I have been using Windows 7 since August and I've never faced this kind of problem, the only different variable is the environment, because this is the first time I am using Windows 7 in this environment..."
A hiccup? An application that installed slightly incorrectly preventing this one from coming in through Microsoft directly?..... A random memory error caused by a flicker in the power?...... who knows ....kind of like a vicious circle where you can't download it automatically because you don't have the latest root certificates but you can't get the root certificates because you cant download it automatically.....
We (I mean you and I and all of us) see this all the time where Microsoft comes up with a KBxxxxxxx article explaining how to resolve "Updates keep trying to re-install" or "Can't download xyz update"..... My guess is that we will just need to wait and see if this becomes a "mainstream" issue or if it is an isolated incident.
Bits...
0
 
aaltayebAuthor Commented:
Bits:" A hiccup? An application that installed slightly incorrectly preventing this one from coming in through Microsoft directly?..... A random memory error caused by a flicker in the power?...... who knows", I know that one of those could happen but this happend on 8 Computers, so its not likely on of those.

But I was testing and I found a reason that is also strange, I am under a Proxy Server (I have no authorities on that server), and because there were problems with some of the internet lines, they were changing configuration in the proxy server, so I tried to use a Tunneling program to use the internet, when I used it with Windows Update it worked and my computer was able to download updates from the internet.
But this was also strange, what does the proxy have to do with the certificate.

Anyway it seems that it had to do with the Proxy Server, so I will close the question unless someone have any suggestion or explanation about why its happening, I will leave it open for a couple of days before closing it.
0
 
BitsBytesandMoreConnect With a Mentor Commented:
By the way ... a hiccup on the proxy server ... could affect All your computers... in this case your hiccup was the proxy server: ".... they were changing configuration in the proxy server..."
0
 
aaltayebAuthor Commented:
"But this was also strange, what does the proxy have to do with the certificate", now i feel stupid, I don't know how i missed  "..on behalf of..", I thought of the proxy in a basic internet gateway, without thinking of what it actully is.

Thank you Bits, I'll award it all for your input.
0
 
BitsBytesandMoreCommented:
Thank you so much for the feedback ... Hopefully it will help someone else in the future who might have a similar problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.