Crypt32 Error in Event Viewer

Posted on 2010-01-04
Last Modified: 2012-05-08

I have this error on several Windows Server 2003 machines. I've updated the certificate list with the certificate cab file shown in the error log and it still occurs. Can anyone say they've seen it before and know what the cause is?

Event Type:                            Error
Event Source:      crypt32
Event Category:      None
Event ID:                           11
Date:            04/01/2010
Time:            09:29:54
User:            N/A
Computer:                            SERVER123
Failed extract of third-party root list from auto update cab at: <> with error: A certificate chain could not be built to a trusted root authority.
Question by:AdoBeebo
    LVL 31

    Expert Comment

    Sounds like it is having problems doing windows update to update the root certificate list accepted by Microsoft.  To download this manually, see this KB article, which updates every few months to reflect the current list:

    It may be that the server never got updated with the new MS root cert and so is having problems, or there could be a number of other issues.  Either way, this should fix it for now at least and quite possibly permanently, although it would be tough to say until the next update in a few months.

    You could try downloading the last root certificate update to be more confident, which would be from May 09:

    The current update is from Sept 09 - if updating the root store to a more current state is the fix, the May version should be good enough to confirm that by updating to the Sept 09 version, which will include the Startcom root (the first free SSL certificate provider).
    LVL 3

    Author Comment

    I've tried updating the server with the downloaded package but it hasn't helped this time. The errors remain. This is a scanning server and scans are coming through very slowly (around 2-3 minutes each instead of 10-15 seconds). The scanners themselves look busy during this wait as if there is a delay in communication.
    The machine was disjoined from the network last night and rejoined and the errors stopped but began again this morning when scan jobs began to go through. However that is the only correlation as there is not a Crypt32 error for every attempt to scan. Instead it looks like there are several Crypt32 errors per scan attempt starting shortly after an attempt to scan (under a minute) which eventually hits the event threshold and then there are no errors for an hour. So sometimes if the threshold is reached there is no Crypt32 error but the scanning is still just as slow.
    LVL 31

    Accepted Solution

    Do you normally update via windows update?  if you normally patch manually then turn off windows update.  you can also try changing the windows update from 'recommended' to 'critical/high' for patches to install - root updates are recommended.

    There seems to be a few of these coming up lately, the MS root store has gotten too big for 2003.  Removing some of the extraneous roots from the root store may help.  Similar post:

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Suggested Solutions

    I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
    Learn about cloud computing and its benefits for small business owners.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now