Strange issues with CAPI2 on Windows 2008 R2 - Error 53 in Event Viewer.
Hi folks,
I've been having some issues with CAPI2 on a Windows 2008 R2 box. I get a lot of Error 53s when we try and process credit card transactions through authorize.net. It's not an issue with them, as the box doesn't appear to be able to reach them to negotiate payment processing. I tried to disable WPAD, which seemed to temporarily help, but we've intermittently been getting error messages again. It looked like some of them were related to Base Filtering Engine; I've tried to disable that this morning to see if that provides any help. I'm posting some of the error messages below. We were getting these issues mostly from entrust.com, which I guess is who authorize.net uses for certificate management, but we're also getting these errors from Microsoft-related certificates now too. Here is a copy from the log. Any ideas?
Thanks,
-Nate
+ System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 53
Version 0
Level 2
Task 53
Opcode 2
Keywords 0x4000000000000036
- TimeCreated
[ SystemTime] 2011-07-14T19:08:20.761485600Z
EventRecordID 1898
Correlation
- Execution
[ ProcessID] 944
[ ThreadID] 4628
Channel Microsoft-Windows-CAPI2/Operational
Computer madhost416
- Security
[ UserID] S-1-5-21-774496436-1281339017-1124771110-1001
- UserData
- CryptRetrieveObjectByUrlWire
- URL http://crl.microsoft.com/pki/crl/products/CSPCA.crl
[ scheme] http
- Object
[ type] Blob
[ constant] 0
Timeout PT5M0S
- Flags
[ value] 60000D
[ CRYPT_RETRIEVE_MULTIPLE_OBJECTS] true
[ CRYPT_WIRE_ONLY_RETRIEVAL] true
[ CRYPT_DONT_CACHE_RESULT] true
[ CRYPT_PROXY_CACHE_RETRIEVAL] true
[ CRYPT_NOT_MODIFIED_RETRIEVAL] true
- AuxInfo
[ maxUrlRetrievalByteCount] 104857600
[ cacheResyncTime] 2011-07-14T18:08:20.678Z
[ fProxyCacheRetrieval] true
- AdditionalInfo
- NetworkConnectivityStatus
[ value] 1
[ _SENSAPI_NETWORK_ALIVE_LAN] true
- Action
[ name] Call_WinHttpGetProxyForUrl
- Error
[ value] 2F92
- Action
[ name] NoProxy
- Action
[ name] Call_WinHttpGetProxyForUrl
- Error
[ value] 2F92
- Action
[ name] NoProxy
- HTTPRequestHeadersInfo
Header GET /pki/crl/products/CSPCA.crl HTTP/1.1
Header Accept: */*
Header Cache-Control: max-age = 3600
Header User-Agent: Microsoft-CryptoAPI/6.1
Header Connection: Keep-Alive
- HTTPResponseHeadersInfo
Header HTTP/1.1 200 OK
Header Cache-Control: max-age=900
Header Connection: keep-alive
Header Date: Thu, 14 Jul 2011 19:08:12 GMT
Header Content-Length: 552
Header Content-Type: application/pkix-crl
Header Last-Modified: Mon, 13 Jun 2011 17:39:55 GMT
Header Accept-Ranges: bytes
Header ETag: "6d7054e8f029cc1:0"
Header P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Header Server: Microsoft-IIS/7.5
Header VTag: 438374942100000000
Header X-Powered-By: ASP.NET
- CacheInfo
[ lastSyncTime] 2011-07-14T19:08:20.760Z
- URLCacheResponseInfo
[ responseType] CRYPTNET_URL_CACHE_RESPONSE_HTTP
[ lastModifiedTime] 2011-06-13T17:39:55Z
[ maxAge] 900
[ eTag] "6d7054e8f029cc1:0"
- RetrievedObjects
- Blob 308202243082010C020101300D06092A864886F70D01010505003079310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E312330210603550403131A4D6963726F
[ fileRef] B65B3BAF37445A512FA1919E4E93F3DB0E9CE237.bin
[ maxSize] true
- EventAuxInfo
[ ProcessName] svchost.exe
[ impersonateToken] S-1-5-21-774496436-1281339017-1124771110-1001
- CorrelationAuxInfo
[ TaskId] {A1E6A631-32D4-41AB-9DF0-5C72FCA6EFC7}
[ SeqNumber] 2
- Result
[ value] 0
July 15th, 2011 11:38am
After looking at the errors in the log a bit further, I see there is a variety of URLs mentioned in the messages. I've tried clearing the urlcache with certutil. This is on a production web server, and is getting a bit annoying, as customers aren't able to pay for their merchandise. Thanks.
July 15th, 2011 11:46am
When I turn WPAD back on, I get this error message:
+ System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 11
Version 0
Level 2
Task 11
Opcode 2
Keywords 0x4000000000000003
- TimeCreated
[ SystemTime] 2011-07-15T16:22:00.144135000Z
EventRecordID 3139
- Correlation
[ ActivityID] {00CC000C-E2B0-036B-DC10-E01037B82200}
- Execution
[ ProcessID] 4316
[ ThreadID] 4320
Channel Microsoft-Windows-CAPI2/Operational
Computer madhost416
- Security
[ UserID] S-1-5-21-774496436-1281339017-1124771110-1001
- UserData
- CertGetCertificateChain
- Certificate
[ fileRef] 68E257C0229BF273A9D296DD6406BF61763C64C4.cer
[ subjectName] secure.authorize.net
ValidationTime 2011-07-15T16:21:42.546Z
- AdditionalStore
- Certificate
[ fileRef] BEE772B3190AC84BF831F9607D9889EC6A966C16.cer
[ subjectName] Entrust Root Certification Authority
- Certificate
[ fileRef] 179A7696DB4322813F1C9572B85033841DEC020E.cer
[ subjectName] Entrust Certification Authority - L1E
- Certificate
[ fileRef] 68E257C0229BF273A9D296DD6406BF61763C64C4.cer
[ subjectName] secure.authorize.net
- ExtendedKeyUsage
[ orMatch] true
- Usage
[ oid] 1.3.6.1.5.5.7.3.1
[ name] Server Authentication
- Usage
[ oid] 1.3.6.1.4.1.311.10.3.3
- Usage
[ oid] 2.16.840.1.113730.4.1
- Flags
[ value] 48000000
[ CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT] true
[ CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT] true
- ChainEngineInfo
[ context] user
- AdditionalInfo
- NetworkConnectivityStatus
[ value] 1
[ _SENSAPI_NETWORK_ALIVE_LAN] true
- CertificateChain
[ chainRef] {AB08EF73-BFD8-4DCE-B802-3C20710E8768}
- TrustStatus
- ErrorStatus
[ value] 1000040
[ CERT_TRUST_REVOCATION_STATUS_UNKNOWN] true
[ CERT_TRUST_IS_OFFLINE_REVOCATION] true
- InfoStatus
[ value] 100
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ChainElement
- Certificate
[ fileRef] 68E257C0229BF273A9D296DD6406BF61763C64C4.cer
[ subjectName] secure.authorize.net
- SignatureAlgorithm
[ oid] 1.2.840.113549.1.1.5
[ hashName] SHA1
[ publicKeyName] RSA
- PublicKeyAlgorithm
[ oid] 1.2.840.113549.1.1.1
[ publicKeyName] RSA
[ publicKeyLength] 2048
- TrustStatus
- ErrorStatus
[ value] 1000040
[ CERT_TRUST_REVOCATION_STATUS_UNKNOWN] true
[ CERT_TRUST_IS_OFFLINE_REVOCATION] true
- InfoStatus
[ value] 102
[ CERT_TRUST_HAS_KEY_MATCH_ISSUER] true
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ApplicationUsage
- Usage
[ oid] 1.3.6.1.5.5.7.3.1
[ name] Server Authentication
- Usage
[ oid] 1.3.6.1.5.5.7.3.2
[ name] Client Authentication
- IssuanceUsage
- Usage
[ oid] 2.16.840.1.114028.10.1.2
- RevocationInfo
- RevocationResult The revocation function was unable to check revocation because the revocation server was offline.
[ value] 80092013
- ChainElement
- Certificate
[ fileRef] 179A7696DB4322813F1C9572B85033841DEC020E.cer
[ subjectName] Entrust Certification Authority - L1E
- SignatureAlgorithm
[ oid] 1.2.840.113549.1.1.5
[ hashName] SHA1
[ publicKeyName] RSA
- PublicKeyAlgorithm
[ oid] 1.2.840.113549.1.1.1
[ publicKeyName] RSA
[ publicKeyLength] 2048
- TrustStatus
- ErrorStatus
[ value] 0
- InfoStatus
[ value] 102
[ CERT_TRUST_HAS_KEY_MATCH_ISSUER] true
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ApplicationUsage
[ any] true
- IssuanceUsage
[ any] true
- RevocationInfo
[ freshnessTime] P1DT4H14M43S
- RevocationResult
[ value] 0
- OCSPResponse
[ location] Wire
[ url] http://ocsp.entrust.net/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBQsSqZpWQuWOxHU9pAda%2B7Lf6V20AQUaJDkZ6SmU4DHhmak8fdLQ%2FuEvW0CBEVrmtw%3D
[ fileRef] 6877B90FD8FF62D3352B55767E83F2315015C124.bin
[ issuerName] Entrust Root Certification Authority
- ChainElement
- Certificate
[ fileRef] BEE772B3190AC84BF831F9607D9889EC6A966C16.cer
[ subjectName] Entrust Root Certification Authority
- SignatureAlgorithm
[ oid] 1.2.840.113549.1.1.5
[ hashName] SHA1
[ publicKeyName] RSA
- PublicKeyAlgorithm
[ oid] 1.2.840.113549.1.1.1
[ publicKeyName] RSA
[ publicKeyLength] 2048
- TrustStatus
- ErrorStatus
[ value] 0
- InfoStatus
[ value] 102
[ CERT_TRUST_HAS_KEY_MATCH_ISSUER] true
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ApplicationUsage
[ any] true
- IssuanceUsage
[ any] true
- RevocationInfo
[ freshnessTime] PT23H38M30S
- RevocationResult
[ value] 0
- OCSPResponse
[ location] Wire
[ url] http://ocsp.entrust.net/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBSgLXLbL4La7i%2B3dMpUpZCcZtKubgQU6r8QpQEelY%2FJVbRnYKSP%2FYsPErQCBEKHLUw%3D
[ fileRef] 6AF47350D4B7AFC4ADC41DE65F5F3C5DDE15AEFC.bin
[ issuerName] Entrust.net Secure Server Certification Authority
- ChainElement
- Certificate
[ fileRef] 99A69BE61AFE886B4D2B82007CB854FC317E1539.cer
[ subjectName] Entrust.net Secure Server Certification Authority
- SignatureAlgorithm
[ oid] 1.2.840.113549.1.1.5
[ hashName] SHA1
[ publicKeyName] RSA
- PublicKeyAlgorithm
[ oid] 1.2.840.113549.1.1.1
[ publicKeyName] RSA
[ publicKeyLength] 1024
- TrustStatus
- ErrorStatus
[ value] 0
- InfoStatus
[ value] 10A
[ CERT_TRUST_HAS_KEY_MATCH_ISSUER] true
[ CERT_TRUST_IS_SELF_SIGNED] true
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ApplicationUsage
- Usage
[ oid] 1.3.6.1.5.5.7.3.1
[ name] Server Authentication
- Usage
[ oid] 1.3.6.1.5.5.7.3.2
[ name] Client Authentication
- Usage
[ oid] 1.3.6.1.5.5.7.3.3
[ name] Code Signing
- Usage
[ oid] 1.3.6.1.5.5.7.3.4
[ name] Secure Email
- Usage
[ oid] 1.3.6.1.5.5.7.3.6
[ name] IP security tunnel termination
- Usage
[ oid] 1.3.6.1.5.5.7.3.7
[ name] IP security user
- Usage
[ oid] 1.3.6.1.5.5.8.2.2
[ name] IP security IKE intermediate
- Usage
[ oid] 1.3.6.1.5.5.7.3.8
[ name] Time Stamping
- Usage
[ oid] 1.3.6.1.4.1.311.10.3.4
[ name] Encrypting File System
- IssuanceUsage
[ any] true
- EventAuxInfo
[ ProcessName] webstore.exe
- CorrelationAuxInfo
[ TaskId] {D6586820-FBBF-47C8-AEB6-0352BC076439}
[ SeqNumber] 17
- Result The revocation function was unable to check revocation because the revocation server was offline.
[ value] 80092013
July 15th, 2011 12:34pm
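An added example, not part of the thread: a small Python parser for an event 11 dump in the Event Viewer layout pasted above, reporting per chain element which certificate actually failed revocation checking. The sample text is abridged from the posted event; the function names and the subset of error bits listed are choices made for this example.

```python
import re

ERROR_BITS = {  # subset of CERT_TRUST_STATUS.dwErrorStatus bits (wincrypt.h)
    0x00000004: "CERT_TRUST_IS_REVOKED",
    0x00000040: "CERT_TRUST_REVOCATION_STATUS_UNKNOWN",
    0x01000000: "CERT_TRUST_IS_OFFLINE_REVOCATION",
}

# Constructed sample: abridged from the event 11 dump posted above.
SAMPLE = """\
- ChainElement
- Certificate
[ subjectName] secure.authorize.net
- ErrorStatus
[ value] 1000040
- InfoStatus
[ value] 102
- RevocationResult The revocation function was unable to check revocation because the revocation server was offline.
[ value] 80092013
- ChainElement
- Certificate
[ subjectName] Entrust Certification Authority - L1E
- ErrorStatus
[ value] 0
- RevocationResult
[ value] 0
"""

def chain_elements(text):
    """Return one dict per ChainElement: subject, error flags, revocation result."""
    elements, node = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("- "):
            node = line[2:].split(" ", 1)[0]   # element name, without trailing message
            if node == "ChainElement":
                elements.append({"subject": None, "errors": [], "revocation": None})
        elif elements and (m := re.match(r"\[\s*(\w+)\]\s*(.*)", line)):
            key, val, cur = m.group(1), m.group(2), elements[-1]
            if key == "subjectName":
                cur["subject"] = val
            elif key == "value" and node == "ErrorStatus":
                cur["errors"] = [n for b, n in ERROR_BITS.items() if int(val, 16) & b]
            elif key == "value" and node == "RevocationResult":
                cur["revocation"] = int(val, 16)   # 0x80092013 = CRYPT_E_REVOCATION_OFFLINE
    return elements

def revocation_failures(text):
    return [e["subject"] for e in chain_elements(text) if e["revocation"]]
```

Run over the full posted event, the same scan separates the end-entity certificate, whose revocation check failed as offline, from the Entrust CA certificates, which were checked over OCSP with result 0.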
What is not working, please provide details?
Why are customers not able to pay for their merchandise?
What is failing?
You have a web server?
You have a certificate on the web server for SSL?
What is the certificate 68E257C0229BF273A9D296DD6406BF61763C64C4.cer [subjectName] secure.authorize.net used for in your environment?
What is the end user certificate that you are using on your web server?
Export the certificate used to lock down the W2k3 IIS web site (public key only, not the private key), copy it to the folder c:\test, and then open a cmd prompt (open with Run as administrator if on a W2k8 machine).
In the administrative cmd prompt, run:
Psexec -s cmd
Certutil -verify -urlfetch NameCert.cer > CertVerify.txt
Do you have revocation errors in the CertVerify.txt?
What is the web server used for in your environment?
You said you disabled Web Proxy Automatic Discovery (WPAD).
Do you have ISA firewall?
Automatic Discovery for Firewall and Web Proxy Clients
http://technet.microsoft.com/en-us/library/cc713344.aspx
Sumesh P - Microsoft Online Community Support
July 25th, 2011 1:58pm