CAPI2 Event 11 keeps returning even after Microsoft fix(es)
Hi all, I've got this problem on most of my 2008 servers: http://social.technet.microsoft.com/wiki/contents/articles/windows-server-2008-troubleshoot-event-id-11-automatic-root-certificates-update-configuration.aspx The first thing I did was to run the "fixit" tool in the KB article, but this did not solve my problem. Then I began to do the fix manually, deleting all cache for users that have ever logged in to the server, and the cache for our service accounts. This did not work either. I came upon the wiki article above, so I checked all the permissions on the Temp folder for every user, especially the service accounts; no problems found. The error keeps on popping up, and I have no idea what to do next. Thanks for your help. Wybren
August 26th, 2011 10:46am

How do the "good" servers differ from the "bad" ones? What is the difference in configurations, roles, features, applications and update status? What are the firewall settings (rules for update, filtering files by extension, ...)? I would test the communication and register all attempts to contact MS update servers with a network monitor, check whether the cab files are transferred, and analyze the logs. Place your findings here, please. You have done nearly all that you could. There is advice for an unsuccessful fix: you can call MS support http://support.microsoft.com/contactus Perhaps someone from the Security forum could give a more direct way to cure this.
August 26th, 2011 5:22pm

I also see event 11 for CAPI2 on Windows Server 2008. Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. I've downloaded the CAB file by clicking the link. Inside the CAB there is a single file named authroot.stl. If I open this file I get a message about a certificate problem as shown here: I then clicked the button "View Signature", which brings up this window: And going one step further by clicking the "View Certificate" button it also shows the message "The certificate is not valid for the selected purpose.". Looking at the certificate chain shows that the certificate used to sign the STL file seems to be invalid because of some mismatch with its intended purpose. The certificate used to sign the STL file has serial number 61 02 78 be 00 01 00 00 00 10 and is valid 02/08/2011 thru 05/08/2012. Does anyone know what this means? Did Microsoft use a wrong certificate to sign the STL file?
September 2nd, 2011 7:43am

Well, the good ones are Windows 2003 and the bad ones are 2008, and from what I've seen, these have SQL servers installed. Updates, firewalls and antivirus are all taken care of by a GPO on all the servers in the same way. I will contact Microsoft as well for this. Wybren De Paepe
September 7th, 2011 11:43am

Please let us know the results, I have the same problems also only on some servers. 2008 with SQL 2008. CarolChi
September 14th, 2011 11:01am

"Please let us know the results, I have the same problems also only on some servers. 2008 with SQL 2008." CarolChi
I haven't contacted Microsoft yet, as this error went away as mysteriously as it appeared. Wybren De Paepe
September 14th, 2011 11:09am

This topic is archived. No further replies will be accepted.
