Event 11 Microsoft-Windows-CAPI2 on x64 Windows 2008 DC
Just noticed a variety of these events in the App log on one of our Win2008 SP2 x64 DCs:
Type: Error
Source: Microsoft-Windows-CAPI2
Event ID: 11
Event Time: 7/23/2009 2:51:46 AM
User: n/a
Computer: MYDC.mydomain.com
Description: Event message could not be found, but contained these strings: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab, A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
I can click the link, and download the file from the DC itself. Why can't the server do it itself?
Orange County District Attorney
July 23rd, 2009 5:32pm

Hi Sandy,
Thank you for your post. The event indicates that the system failed to extract the .cab file. For more information about the event, please refer to the following website:
Event ID 11 Automatic Root Certificates Update Configuration
http://technet.microsoft.com/en-us/library/cc734018(WS.10).aspx
According to the error "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.", it seems that a required certificate is expired. To better understand the issue, please perform the following steps on the DC and collect the information:
1. Enable CAPI log on the DC:
   a. Open Event Viewer.
   b. In the console tree, expand Event Viewer, expand Applications and Services Logs, expand Microsoft, expand Windows, and then expand CAPI2.
   c. Right-click Operational, and click Enable Log.
2. Once the event appears, save the Event log to a file. Then run the following commands to dump the local certificate store:
   certutil -store Root > root.txt
   certutil -store > intermediate.txt
3. Please zip and upload the information to the following space:
   https://sftasia.one.microsoft.com/choosetransfer.aspx?key=845eddcf-9e06-4ced-b790-f3471d83783a
   Password: dI%4z*R!!_
I look forward to your response.
July 24th, 2009 9:21am

Troubleshooting:
Go to Applications and Services Logs\Microsoft\Windows\CAPI2\Operational in the Event Viewer. Choose Operational and enable logging.
Reboot the system.
Review the event log by navigating to Applications and Services Logs\Microsoft\Windows\CAPI2\Operational.
One of the log items indicated an error and mentions mcafee exe or vsmon.exe or AVG.exe
TrendMicro
Zone Alarm
AVG
Other Products
Disabling the AV product removes the error.
Contact the third-party AV vendor.
Deva
All good things come to those who wait......
July 25th, 2009 8:29pm

Hi Sandy, How are you? I'm wondering if the suggestion has helped. If you need further assistance, please feel free to respond back. Thanks.
July 29th, 2009 11:45am

Hello Joson,
Thanks very much for the response to my post. BTW, I just got the alert, for this post, this morning. Things are running slow I guess. I've enabled logging and will upload the info as soon as I get some data.
Orange County District Attorney
July 29th, 2009 5:09pm

Just posted the logs you requested. Let me know what you find!
Orange County District Attorney
July 29th, 2009 9:36pm

Hi Sandy,
Thank you for your update. Based on my research, the cause of this kind of issue is a conflict with a third-party application. I checked the event log and found that the process is WakeUpAgt.exe. I've exported the event for your reference:

Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 7/30/2009 2:18:38 AM
Event ID: 11
Task Category: Build Chain
Level: Error
Keywords: Path Validation,Path Validation
User: SYSTEM
Computer: ****.**.*****.com
Description: For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    <EventID>11</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>11</Task>
    <Opcode>2</Opcode>
    <Keywords>0x8000000000000003</Keywords>
    <TimeCreated SystemTime="2009-07-29T18:18:38.509Z" />
    <EventRecordID>402</EventRecordID>
    <Correlation />
    <Execution ProcessID="3184" ThreadID="2416" />
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    <Computer>****.**.*****.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <CertGetCertificateChain>
      <Certificate fileRef="28B350FA24D3296AF3B7377A1F6F60FA9579E788.cer" subjectName="Microsoft Certificate Trust List Publisher" />
      <AdditionalStore>
        <Certificate fileRef="28B350FA24D3296AF3B7377A1F6F60FA9579E788.cer" subjectName="Microsoft Certificate Trust List Publisher" />
        <Certificate fileRef="E87E7804D3749674DADDF0DB4311E022B70DFBC2.cer" subjectName="Microsoft Certificate Trust List PCA" />
        <Certificate fileRef="3EA99A60058275E0ED83B892A909449F8C33B245.cer" subjectName="Microsoft Timestamping PCA" />
        <Certificate fileRef="A1DC024FC8B2A76745D4661F663B8741C3D35313.cer" subjectName="Microsoft Timestamping Service" />
        <Certificate fileRef="A43489159A520F0D93D032CCAF37E7FE20A8B419.cer" subjectName="Microsoft Root Authority" />
      </AdditionalStore>
      <ExtendedKeyUsage>
        <Usage oid="1.3.6.1.4.1.311.10.3.9" name="Root List Signer" />
      </ExtendedKeyUsage>
      <Flags value="100" CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE="true" />
      <ChainEngineInfo context="user" />
      <CertificateChain chainRef="{D3BD4009-29D5-4D8D-936F-7CBCA7E8DA3D}">
        <TrustStatus>
          <ErrorStatus value="1" CERT_TRUST_IS_NOT_TIME_VALID="true" />
          <InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
        </TrustStatus>
        <ChainElement>
          <Certificate fileRef="28B350FA24D3296AF3B7377A1F6F60FA9579E788.cer" subjectName="Microsoft Certificate Trust List Publisher" />
          <TrustStatus>
            <ErrorStatus value="1" CERT_TRUST_IS_NOT_TIME_VALID="true" />
            <InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage>
            <Usage oid="1.3.6.1.4.1.311.10.3.9" name="Root List Signer" />
          </ApplicationUsage>
          <IssuanceUsage />
        </ChainElement>
        <ChainElement>
          <Certificate fileRef="E87E7804D3749674DADDF0DB4311E022B70DFBC2.cer" subjectName="Microsoft Certificate Trust List PCA" />
          <TrustStatus>
            <ErrorStatus value="0" />
            <InfoStatus value="101" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage>
            <Usage oid="1.3.6.1.4.1.311.10.3.9" name="Root List Signer" />
            <Usage oid="1.3.6.1.4.1.311.10.3.1" name="Microsoft Trust List Signing" />
          </ApplicationUsage>
          <IssuanceUsage />
        </ChainElement>
        <ChainElement>
          <Certificate fileRef="A43489159A520F0D93D032CCAF37E7FE20A8B419.cer" subjectName="Microsoft Root Authority" />
          <TrustStatus>
            <ErrorStatus value="0" />
            <InfoStatus value="109" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage any="true" />
          <IssuanceUsage any="true" />
        </ChainElement>
      </CertificateChain>
      <EventAuxInfo ProcessName="WakeUpAgt.exe" />
      <CorrelationAuxInfo TaskId="{F6371B87-AD64-4C42-9736-BAD40FD1206D}" SeqNumber="14" />
      <Result value="800B0101">A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</Result>
    </CertGetCertificateChain>
  </UserData>
</Event>

Based on the current situation, I suggest that we temporarily disable the application (and restart the machine, if it is possible) to check if the issue goes away. If the issue does not occur, please contact the application vendor for a solution.
Recently, a Microsoft engineer also posted a thread describing the cause of the issue and the troubleshooting steps, which is really helpful to troubleshoot this kind of issue:
Troubleshooting Steps for CAPI2 Event ID 11 occurring against Windows Update
http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/685e65f6-72a7-4986-b02c-f17e8be78926/
Thanks.
July 30th, 2009 11:04am
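
Added example, not part of the thread and not Microsoft's code: the triage done by hand in the post above (which process called CertGetCertificateChain, the result code, and which chain element carries CERT_TRUST_IS_NOT_TIME_VALID), written in Python for event XML saved from the CAPI2 Operational log. The sample event is constructed from the element layout shown in that post with placeholder fileRef values, and the function and helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same element layout as the exported event in the post,
# trimmed to two chain elements; fileRef and chainRef values are placeholders.
SAMPLE_EVENT = """\
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>11</EventID></System>
  <UserData><CertGetCertificateChain>
    <CertificateChain chainRef="{CONSTRUCTED}">
      <TrustStatus><ErrorStatus value="1" CERT_TRUST_IS_NOT_TIME_VALID="true" /></TrustStatus>
      <ChainElement>
        <Certificate fileRef="PLACEHOLDER-1.cer" subjectName="Microsoft Certificate Trust List Publisher" />
        <TrustStatus><ErrorStatus value="1" CERT_TRUST_IS_NOT_TIME_VALID="true" /></TrustStatus>
      </ChainElement>
      <ChainElement>
        <Certificate fileRef="PLACEHOLDER-2.cer" subjectName="Microsoft Root Authority" />
        <TrustStatus><ErrorStatus value="0" /></TrustStatus>
      </ChainElement>
    </CertificateChain>
    <EventAuxInfo ProcessName="WakeUpAgt.exe" />
    <Result value="800B0101">A required certificate is not within its validity period.</Result>
  </CertGetCertificateChain></UserData>
</Event>"""

def _local(tag):
    """Strip the '{namespace}' prefix so lookups work whatever xmlns the export uses."""
    return tag.rsplit("}", 1)[-1]

def _all(node, name):
    """All descendants of node (including node itself) with the given local name."""
    return [el for el in node.iter() if _local(el.tag) == name]

def triage_capi2_event(xml_text):
    """Return the calling process, result code and chain elements that carry error flags."""
    root = ET.fromstring(xml_text)
    aux = _all(root, "EventAuxInfo")
    result = _all(root, "Result")
    failing = []
    # Only per-certificate ChainElement nodes are inspected; the chain-level
    # TrustStatus is a summary of the same flags and is skipped.
    for element in _all(root, "ChainElement"):
        cert = _all(element, "Certificate")
        flags = sorted(k for s in _all(element, "ErrorStatus")
                       for k, v in s.attrib.items() if k != "value" and v == "true")
        if flags:
            subject = cert[0].get("subjectName") if cert else None
            failing.append({"subject": subject, "flags": flags})
    return {
        "process": aux[0].get("ProcessName") if aux else None,
        "result_code": result[0].get("value") if result else None,
        "failing": failing,
    }

if __name__ == "__main__":
    print(triage_capi2_event(SAMPLE_EVENT))
```
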

Thanks for the help on my issue! I'll disable the service, reboot and see if it returns.
Orange County District Attorney
July 30th, 2009 11:01pm

Hi Sandy, You're welcome. If you need further assistance, please feel free to respond here.
Joson Zhou
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
July 31st, 2009 6:00am

Hello Joson,
Last night, I disabled the WakeupAgent service and rebooted the server at 11:15 PM. I noticed one Event 11 from Source CAPI2 on the restart, about 1 minute after the system came up but none since then. Hopefully it's a one-off.
Here's what the event looked like:

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 7/30/2009 11:16:30 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MYDC1.my.domain.com
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
    <EventID Qualifiers="49154">11</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2009-07-31T06:16:30.000000000Z" />
    <EventRecordID>10357</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>OCDAAD000.da.ocgov.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab</Data>
    <Data>A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</Data>
  </EventData>
</Event>
Orange County District Attorney
July 31st, 2009 6:00pm

Looks like I'm still getting the CAPI event 11's. I checked this morning and the App log has one that showed up on 7/31 at 6:00 PM. I may open a support case on this one.
Orange County District Attorney
August 3rd, 2009 6:14pm

Hi Sandy, I am sorry to hear that. After you get the solution, please share it here so that other community members can benefit from it. Hope the issue can be resolved soon.
Joson
August 4th, 2009 11:57am

I will.
Orange County District Attorney
August 4th, 2009 5:16pm

Well, looks like we're out of support incidents so I'll be working on this one myself........if I get a resolution, I'll let you know.
Orange County District Attorney
August 4th, 2009 5:38pm

Hi Sandy,
You may export the Application and CAPI2 events and upload to me again for analysis. Meanwhile, we can perform a clean boot on the server to check if the event goes away.
To perform a clean boot in Windows Server 2008:
1. Click Start, type msconfig in the Start Search box, and then press ENTER.
2. On the General tab, click Selective Startup.
3. Under Selective Startup, click to clear the Load Startup Items check box.
4. Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.
5. Click OK.
6. When you are prompted, click Restart.
Thanks.
Joson Zhou
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
August 6th, 2009 10:49am

See:
Description of the System Update Readiness Tool for Windows Vista, for Windows Server 2008, and for Windows 7
http://support.microsoft.com/kb/947821
http://support.microsoft.com/default.aspx/kb/947821

What Windows Update installation errors can the System Update Readiness Tool potentially address?
The following table lists error messages that you might receive when you try to install a software update. These errors might be caused by a system irregularity that the System Update Readiness Tool might be able to resolve. However, the tool might be unable to fix all instances in which these errors occur.

Code        Error                                       Description
0x80070002  ERROR_FILE_NOT_FOUND                        The system cannot find the file specified.
0x8007000D  ERROR_INVALID_DATA                          The data is invalid.
0x800F081F  CBS_E_SOURCE_MISSING                        The source for the package or file not found.
0x80073712  ERROR_SXS_COMPONENT_STORE_CORRUPT           The component store is in an inconsistent state.
0x800736CC  ERROR_SXS_FILE_HASH_MISMATCH                A component's file does not match the verification information present in the component manifest.
0x800705B9  ERROR_XML_PARSE_ERROR                       Unable to parse the requested XML data.
0x80070246  ERROR_ILLEGAL_CHARACTER                     An invalid character was encountered.
0x8007370D  ERROR_SXS_IDENTITY_PARSE_ERROR              An identity string is malformed.
0x8007370B  ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME   The name of an attribute in an identity is not within the valid range.
0x8007370A  ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE  The value of an attribute in an identity is not within the valid range.
0x80070057  ERROR_INVALID_PARAMETER                     The parameter is incorrect.
0x800B0100  TRUST_E_NOSIGNATURE                         No signature was present in the subject.
0x80092003  CRYPT_E_FILE_ERROR                          An error occurred while Windows Update reads or writes to a file.
0x800B0101  CERT_E_EXPIRED                              A required certificate is not within its validity period when verifying against the current system clock or the time stamp in the signed file.
0x8007371B  ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE    One or more required members of the transaction are not present.
September 1st, 2009 6:34pm

Hi
The automatic Root Certificates Update component downloads a cabinet (.cab) file to the temporary directory on the local computer, extracts the contents of the file, and then updates the root certificate list. The correct permissions must be applied to the temporary directory in order for the cabinet file to install correctly. This event may be recorded if the permissions for this temporary directory are not right. See the article for more details.
Please look into this article
http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/685e65f6-72a7-4986-b02c-f17e8be78926
http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/acdf1b25-dace-4cfc-8a3d-cb961c1031cc
Hope this helps
Deva
Don't do what others say - listen to them, but do what you feel good doing.
September 9th, 2009 2:12pm

any update on this issue? Deva
September 27th, 2009 7:18pm

Yes actually, I live and work in Vienna, Austria. I got the same error failing to extract this ominous capi 2 issue with the authrootstl.cab file. The answer to the problem was by downloading the best practices analyzer with Small Business Server. Unfortunately Windows Server 2008 does not come with the Best Practices Security Analyzer which can be downloaded for Small Business Server 2008 which points to the answer with three error events. Because it fixed this problem, I will reconstruct it because it involves using the registry. Open the registry either on SBS 2008 or Windows Server 2008.

Event A. The Company value does not exist in the BackConnectionHostNames registry key. Below is information which is specified below in Event B.

Event B. The BackConnectionHostNames registry does not exist. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ Right-click MSV1_0. Point to New, and then click Multi-String Value. Type BackConnectionHostNames, and then press ENTER.

Event C. Company value or FQDN (remote.???.???) does not exist in the BackConnectionHostNames registry. The BackConnectionHostNames key should include the value remote.???.???. To resolve this issue, open registry editor, and then locate and click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames. Right-click BackConnectionHostNames and then click Modify. In the Value data box, type remote.???.??? (whichever you have!), and then click OK.

This will immediately resolve the issue and there will be no more errors in Server Manager in the Event Viewer. I did not find any more errors on my second Server with Windows 2008 on it. Both run on a Dell T300 in a Hyper-V environment. I imagine it needs the BackConnectionHostNames reference in Windows 2008 irrespective whether you own a SBS 2008 Premium or a regular Windows 2008 Server alone with the CAPI 2 because Encryption works with Active Directory.
Let me know whether it works in a Standalone Environment with Windows Server 2008!
July 18th, 2010 9:05pm

any update yet?
August 12th, 2010 5:40am

Microsoft released a kb-article on that issue http://support.microsoft.com/kb/2328240/
September 24th, 2010 5:20am

This topic is archived. No further replies will be accepted.
