?
Solved

Root Certificate in Windows 7 does not have all Certificates

Posted on 2010-01-02
9
Medium Priority
?
20,411 Views
Last Modified: 2013-11-16
I have installed Windows 7 in a couple of computers and I have the same problem in all of them, it started with windows update not working, and the error pointed me to Microsoft article that says the problem is with date and time, but that wasn't the problem because I've checked everywhere, then i noticed that when i go to secure sites I always get the message "There is a problem with this website's security certificate", now these sites are well known sites, for example: https://login.yahoo.com, https://www.gmail.com and https://www.mesh.com.
http://i31.photobucket.com/albums/c399/AmtTaz/IT/IE.png

I used different Windows 7 version, some of the Windows edition used: Enterprise x64, Ultimate x32 and Ultimate x64 and all had the same problem. And I have been using Windows 7 Enterprise x64 edition in another location with no problems.

After a couple of failed attempts I checked my computer certificate: mmc > Add/Remove Snap-in > Certificates > Trusted Root Certification Authorities  > Certificates, and I had the following Certificates (image is also available in the attachment):
http://i31.photobucket.com/albums/c399/AmtTaz/IT/TrustedRootCertificationAuthorit-2.png

So i went to Microsoft and downloaded:
"Update for Root Certificates [November 2009] (KB931125)"
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=19c4ae49-1127-4537-9e91-35f81d20bce6

And this solved this problem for me, now I can access any secure sites normally and use Windows Update and mesh normally.

But my question is why this is happening in the first place. I have been using Windows 7 since August and I've never faced this kind of problem, the only different variable is the environment, because this is the first time I am using Windows 7 in this environment, but I used Vista and XP before in this environment and never seen this problem.
Also there is a small different which I don't think it had any effect, but in the environment that has the problem all the computers are "HP Compaq dx7500 Microtower"

Also this is my certificates from my working computer.
http://i31.photobucket.com/albums/c399/AmtTaz/IT/TrustedRootCertificationAuthorities.png
TrustedRootCertificationAuthorit.png
0
Comment
Question by:aaltayeb
  • 6
  • 3
9 Comments
 
LVL 22

Expert Comment

by:BitsBytesandMore
ID: 26161506
You haven't gone into details on what you mean by "....the only different variable is the environment, because this is the first time I am using Windows 7 in this environment..." but whatever it is, regardless, you must be aware that as opposed to previous versions of Windows, Microsoft now asks you beforehand if you want to download the latest updates before installing Windows 7.....
I'm assuming, and I don't know this for a fact, that because of all the work with the "Microsoft Root Certificate Program" .... (every month coming out with new updates) ..... Windows 7 needs to download the latest certificates to work correctly....
I just saw for example the Root Certificates for November 2009 come into one of my XP machines and I wouldn't be surprised to see the December 2009 and even the January 2010 coming in at any moment.
More and more commercial and government entities are enhancing their security .... this is just the future getting in your way....
I am attaching a .pdf I was reading regarding the activity going on with the Microsoft Root Certificate Program in case you want to dig deeper into it.....
I hope this helps answer your question....
Bits...

windows-root-certificate-program.pdf
0
 
LVL 22

Expert Comment

by:BitsBytesandMore
ID: 26161510
Forgot the link to the Root Certificate Program.... http://technet.microsoft.com/en-us/library/cc751157.aspx
 
0
 

Author Comment

by:aaltayeb
ID: 26164519
Maybe i got ahead without explaining.
My initial problem was Windows Update giving me an error (80072F8F) when i try to update Windows 7 from Microsoft, same error in all Windows 7 but not in other Windows (XP and Vista), and here is the error.
http://i31.photobucket.com/albums/c399/AmtTaz/IT/Update80072F8F.png


I was trying to figure out the problem when i saw the Certificate error in IE, and when i installed the "Update for Root Certificates [November 2009] (KB931125)", i was able to update my Windows.

One more thing the "Update for Root Certificates [November 2009] (KB931125)" is designed for Windows XP, so if this was happening in Windows XP then maybe it was normal, but this is happening in 7, also I have WSUS in this environment and the Root Certificates update is approved in WSUS but it will only be deployed to Windows XP, I can update from WSUS but cannot from Microsoft.

Because all of that I asked my question about Root Certificate.
Update80072F8F.png
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 22

Expert Comment

by:BitsBytesandMore
ID: 26165815
Hi aaltayeb, thanks for the feedback.
Regarding your question: ".....But my question is why this is happening in the first place. I have been using Windows 7 since August and I've never faced this kind of problem, the only different variable is the environment, because this is the first time I am using Windows 7 in this environment..."
A hiccup? An application that installed slightly incorrectly preventing this one from coming in through Microsoft directly?..... A random memory error caused by a flicker in the power?...... who knows ....kind of like a vicious circle where you can't download it automatically because you don't have the latest root certificates but you can't get the root certificates because you cant download it automatically.....
We (I mean you and I and all of us) see this all the time where Microsoft comes up with a KBxxxxxxx article explaining how to resolve "Updates keep trying to re-install" or "Can't download xyz update"..... My guess is that we will just need to wait and see if this becomes a "mainstream" issue or if it is an isolated incident.
Bits...
0
 

Author Comment

by:aaltayeb
ID: 26212036
Bits:" A hiccup? An application that installed slightly incorrectly preventing this one from coming in through Microsoft directly?..... A random memory error caused by a flicker in the power?...... who knows", I know that one of those could happen but this happend on 8 Computers, so its not likely on of those.

But I was testing and I found a reason that is also strange, I am under a Proxy Server (I have no authorities on that server), and because there were problems with some of the internet lines, they were changing configuration in the proxy server, so I tried to use a Tunneling program to use the internet, when I used it with Windows Update it worked and my computer was able to download updates from the internet.
But this was also strange, what does the proxy have to do with the certificate.

Anyway it seems that it had to do with the Proxy Server, so I will close the question unless someone have any suggestion or explanation about why its happening, I will leave it open for a couple of days before closing it.
0
 
LVL 22

Accepted Solution

by:
BitsBytesandMore earned 2000 total points
ID: 26212136
You hit the nail in the head. I don't remember you mentioning the proxy server when I asked you: ".....You haven't gone into details on what you mean by "....the only different variable is the environment, because this is the first time I am using Windows 7 in this environment..." .... If you did .... I apologize. I can't see it.
The problem is with the proxy server. Remember ... the proxy server requests "..on behalf of.." by definition.
I'm glad to hear that you have solved the problem.
Bits ...
0
 
LVL 22

Assisted Solution

by:BitsBytesandMore
BitsBytesandMore earned 2000 total points
ID: 26212171
By the way ... a hiccup on the proxy server ... could affect All your computers... in this case your hiccup was the proxy server: ".... they were changing configuration in the proxy server..."
0
 

Author Comment

by:aaltayeb
ID: 26212577
"But this was also strange, what does the proxy have to do with the certificate", now i feel stupid, I don't know how i missed  "..on behalf of..", I thought of the proxy in a basic internet gateway, without thinking of what it actully is.

Thank you Bits, I'll award it all for your input.
0
 
LVL 22

Expert Comment

by:BitsBytesandMore
ID: 26212880
Thank you so much for the feedback ... Hopefully it will help someone else in the future who might have a similar problem.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question