AdoBeebo
asked on
Crypt32 Error in Event Viewer
Hi
I have this error on several Windows Server 2003 machines. I've updated the certificate list with the certificate cab file shown in the error log and it still occurs. Can anyone say they've seen it before and know what the cause is?
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 11
Date: 04/01/2010
Time: 09:29:54
User: N/A
Computer: SERVER123
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain could not be built to a trusted root authority.
I have this error on several Windows Server 2003 machines. I've updated the certificate list with the certificate cab file shown in the error log and it still occurs. Can anyone say they've seen it before and know what the cause is?
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 11
Date: 04/01/2010
Time: 09:29:54
User: N/A
Computer: SERVER123
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain could not be built to a trusted root authority.
ASKER
I've tried updating the server with the downloaded package but it hasn't helped this time. The errors remain. This is a scanning server and scans are coming through very slowly (around 2-3 minutes each instead of 10-15 seconds). The scanners themselves look busy during this wait as if there is a delay in communication.
The machine was disjoined from the network last night and rejoined and the errors stopped but began again this morning when scan jobs began to go through. However that is the only correlation as there is not a Crypt32 error for every attempt to scan. Instead it looks like there are several Crypt32 errors per scan attempt starting shortly after an attempt to scan (under a minute) which eventually hits the event threshold and then there are no errors for an hour. So sometimes if the threshold is reached there is no Crypt32 error but the scanning is still just as slow.
The machine was disjoined from the network last night and rejoined and the errors stopped but began again this morning when scan jobs began to go through. However that is the only correlation as there is not a Crypt32 error for every attempt to scan. Instead it looks like there are several Crypt32 errors per scan attempt starting shortly after an attempt to scan (under a minute) which eventually hits the event threshold and then there are no errors for an hour. So sometimes if the threshold is reached there is no Crypt32 error but the scanning is still just as slow.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://support.microsoft.com/kb/931125
It may be that the server never got updated with the new MS root cert and so is having problems, or there could be a number of other issues. Either way, this should fix it for now at least and quite possibly permanently, although it would be tough to say until the next update in a few months.
You could try downloading the last root certificate update to be more confident, which would be from May 09:
http://www.microsoft.com/downloads/details.aspx?FamilyID=f814ec0e-ee7e-435e-99f8-20b44d4531b0&displaylang=en
The current update is from Sept 09 - if updating the root store to a more current state is the fix, the May version should be good enough to confirm that by updating to the Sept 09 version, which will include the Startcom root (the first free SSL certificate provider).