Event ID 4107: CAPI2 Error, Events 41 (Verify Revocation) and 11 (Build Chain)
I get error events 41 (verify revocation) followed by 11 (build chain) based on the CAPI2 log every few minutes (including once each time I boot the PC) in Win 7 Home Premium 64-bit, and both refer to the file consent.exe. Here are the details for Event 41:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    <EventID>41</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>41</Task>
    <Opcode>2</Opcode>
    <Keywords>0x4000000000000005</Keywords>
    <TimeCreated SystemTime="2010-08-03T16:06:39.848632800Z" />
    <EventRecordID>520397</EventRecordID>
    <Correlation />
    <Execution ProcessID="1992" ThreadID="4264" />
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    <Computer>Ralf-PC</Computer>
    <Security UserID="S-1-5-21-144745434-3117752395-3347988403-1000" />
  </System>
  <UserData>
    <CertVerifyRevocation>
      <Certificate fileRef="7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer" subjectName="Microsoft Time-Stamp Service" />
      <IssuerCertificate fileRef="375FCB825C3DC3752A02E34EB70993B4997191EF.cer" subjectName="Microsoft Time-Stamp PCA" />
      <Flags value="6" CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION="true" CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG="true" />
      <AdditionalParameters timeToUse="2009-07-14T03:01:05Z" currentTime="2010-08-03T16:06:39.833Z" urlRetrievalTimeout="PT20S" />
      <RevocationStatus index="0" error="80092013" reason="0" />
      <EventAuxInfo ProcessName="consent.exe" impersonateToken="S-1-5-21-144745434-3117752395-3347988403-1000" />
      <CorrelationAuxInfo TaskId="{1DEDDADF-26EC-40C5-81BC-C6F0FA87DF56}" SeqNumber="16" />
      <Result value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</Result>
    </CertVerifyRevocation>
  </UserData>
</Event>

I'll post the details for Event 11 in another message.
I tried various suggestions:
- extracted and installed authrootstl.cab
- installed rootsupd.exe
- deleted the content of the cryptnet content and metadata directories and the certificates registry entries under authroot

I checked the properties of consent.exe and the info matches that of the file in another PC with the same OS but which does not have this error. I also used certmgr.msc to check the certificates and they match those in the second PC. I booted the machine to safe mode and the error no longer shows up. Is it correct for me to assume that the problem is being caused by one of the programs or drivers in the PC and not consent.exe? If so, how do I use the logs to find that program or driver? Thanks for the help.
August 3rd, 2010 7:23pm

Details for Event 11, which follows the event mentioned above:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    <EventID>11</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>11</Task>
    <Opcode>2</Opcode>
    <Keywords>0x4000000000000003</Keywords>
    <TimeCreated SystemTime="2010-08-03T16:06:39.848632800Z" />
    <EventRecordID>520398</EventRecordID>
    <Correlation />
    <Execution ProcessID="1992" ThreadID="4264" />
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    <Computer>Ralf-PC</Computer>
    <Security UserID="S-1-5-21-144745434-3117752395-3347988403-1000" />
  </System>
  <UserData>
    <CertGetCertificateChain>
      <Certificate fileRef="7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer" subjectName="Microsoft Time-Stamp Service" />
      <ValidationTime>2009-07-14T03:01:05Z</ValidationTime>
      <AdditionalStore>
        <Certificate fileRef="5DF0D7571B0780783960C68B78571FFD7EDAF021.cer" subjectName="Microsoft Windows Verification PCA" />
        <Certificate fileRef="375FCB825C3DC3752A02E34EB70993B4997191EF.cer" subjectName="Microsoft Time-Stamp PCA" />
        <Certificate fileRef="018B222E21FBB2952304D04D1D87F736ED46DEA4.cer" subjectName="Microsoft Windows" />
        <Certificate fileRef="7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer" subjectName="Microsoft Time-Stamp Service" />
      </AdditionalStore>
      <ExtendedKeyUsage>
        <Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
      </ExtendedKeyUsage>
      <Flags value="C8000005" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY="true" CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT="true" />
      <ChainEngineInfo context="user" />
      <CertificateChain chainRef="{94E241CB-8C9B-4010-8ABB-D178548E3C72}">
        <TrustStatus>
          <ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
          <InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
        </TrustStatus>
        <ChainElement>
          <Certificate fileRef="7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer" subjectName="Microsoft Time-Stamp Service" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" />
          <TrustStatus>
            <ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
            <InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage>
            <Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
          </ApplicationUsage>
          <IssuanceUsage />
          <RevocationInfo>
            <RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
          </RevocationInfo>
        </ChainElement>
        <ChainElement>
          <Certificate fileRef="375FCB825C3DC3752A02E34EB70993B4997191EF.cer" subjectName="Microsoft Time-Stamp PCA" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" />
          <TrustStatus>
            <ErrorStatus value="0" />
            <InfoStatus value="101" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage>
            <Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
          </ApplicationUsage>
          <IssuanceUsage />
          <RevocationInfo freshnessTime="P77DT16H38M56S">
            <RevocationResult value="0" />
            <CertificateRevocationList location="TvoCache" url="http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl" fileRef="6CC49C402F7C2A28CCF67F6DC1AFB9E5D79CDE10.crl" issuerName="Microsoft Root Certificate Authority" />
          </RevocationInfo>
        </ChainElement>
        <ChainElement>
          <Certificate fileRef="CDD4EEAE6000AC7F40C3802C171E30148030C072.cer" subjectName="Microsoft Root Certificate Authority" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="4096" />
          <TrustStatus>
            <ErrorStatus value="0" />
            <InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage any="true" />
          <IssuanceUsage any="true" />
        </ChainElement>
      </CertificateChain>
      <EventAuxInfo ProcessName="consent.exe" impersonateToken="S-1-5-21-144745434-3117752395-3347988403-1000" />
      <CorrelationAuxInfo TaskId="{1DEDDADF-26EC-40C5-81BC-C6F0FA87DF56}" SeqNumber="17" />
      <Result value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</Result>
    </CertGetCertificateChain>
  </UserData>
</Event>
August 3rd, 2010 7:23pm

Hi,

This issue could occur due to conflicts with certain software. I would suggest performing a clean boot to troubleshoot first. If it does not work, to determine the cause of the CAPI2 error, you can enable CAPI2 logging in the event log. You can do this by going to Applications and Services Logs\Microsoft\Windows\CAPI2\Operational in the Event Viewer. Choose Operational and enable logging. Please notice how often the error occurred, reproduce it again and check that event log by navigating to Applications and Services Logs\Microsoft\Windows\CAPI2\Operational. Check if any .exe file appears within the log. For more detailed information, please visit http://www.petenetlive.com/KB/Article/0000304.htm.

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 6th, 2010 2:07pm
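
The log check suggested in the reply above can also be done on an exported event. This is an added example, not part of the original thread: a Python sketch that reads one CAPI2 build-chain event and reports the calling process, the overall result, and which certificate in the chain has the revocation problem. The function name and the trimmed sample are assumptions made for the example; the element and attribute names are the ones in the events posted above.

```python
import xml.etree.ElementTree as ET

# Trust-status error bits from wincrypt.h (only the two set in this thread's events).
TRUST_ERRORS = {
    0x00000040: "CERT_TRUST_REVOCATION_STATUS_UNKNOWN",
    0x01000000: "CERT_TRUST_IS_OFFLINE_REVOCATION",
}

# Constructed sample: the thread's Event 11 cut down to the fields read below.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>11</EventID></System>
<UserData><CertGetCertificateChain><CertificateChain>
<ChainElement>
<Certificate subjectName="Microsoft Time-Stamp Service" />
<TrustStatus><ErrorStatus value="1000040" /></TrustStatus>
<RevocationInfo><RevocationResult value="80092013" /></RevocationInfo>
</ChainElement>
<ChainElement>
<Certificate subjectName="Microsoft Time-Stamp PCA" />
<TrustStatus><ErrorStatus value="0" /></TrustStatus>
<RevocationInfo><RevocationResult value="0" />
<CertificateRevocationList location="TvoCache" /></RevocationInfo>
</ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="consent.exe" />
<Result value="80092013" />
</CertGetCertificateChain></UserData>
</Event>"""

def summarize(event_xml):
    root = ET.fromstring(event_xml)
    for el in root.iter():  # strip namespaces so the paths below stay short
        el.tag = el.tag.rsplit("}", 1)[-1]
    aux = root.find(".//EventAuxInfo")
    result = root.find("UserData/*/Result")
    chain = []
    for ce in root.iter("ChainElement"):
        bits = int(ce.find("TrustStatus/ErrorStatus").get("value"), 16)
        rev = ce.find("RevocationInfo/RevocationResult")
        crl = ce.find("RevocationInfo/CertificateRevocationList")
        chain.append({
            "subject": ce.find("Certificate").get("subjectName"),
            "errors": [name for bit, name in TRUST_ERRORS.items() if bits & bit],
            "revocation": rev.get("value") if rev is not None else None,
            "crl_source": crl.get("location") if crl is not None else None,
        })
    return {
        "event_id": int(root.findtext("System/EventID")),
        "process": aux.get("ProcessName") if aux is not None else None,
        "result": result.get("value") if result is not None else None,
        "chain": chain,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the sample, only the leaf certificate (Microsoft Time-Stamp Service) carries the 80092013 result and has no revocation list recorded, while its issuer was checked against a cached CRL.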

Thank you for the help. I turned on CAPI2 logging earlier, and the two entries pasted above are errors that come from the log. I followed your instructions for a clean boot and just discovered that the two problems (Events 41 and 11) still appear right after I boot. Previously, I ran sfc /scannow but the problems still appeared. I think one forum thread suggested cleaning the registry. I will try that and let you know how it goes.
August 6th, 2010 3:10pm

I used Wise Registry Cleaner and the problem's still there. I also tried a clean boot, sfc /scannow, and erasing and updating the certificates. I'm not sure if the latter helped, though, if the certificates involved are part of consent.exe. I think I can't overwrite consent.exe. I wonder if an in-place upgrade might help. Is that done by inserting the Win 7 disk and selecting the upgrade option? I read somewhere that my settings and programs should remain but that I'll have to download and re-install updates.
August 7th, 2010 12:23pm

On Sat, 7 Aug 2010 09:23:37 +0000, ralfymann wrote:

> I used Wise Registry Cleaner and the problem's still there.

I can't help with your problem, but for the future, I strongly recommend that you avoid running any registry cleaner. Avoid them all like the plague!

Registry cleaning programs are all snake oil. Cleaning of the registry isn't needed and is dangerous. Leave the registry alone and don't use any registry cleaner. Despite what many people think, and what vendors of registry cleaning software try to convince you of, having unused registry entries doesn't really hurt you.

The risk of a serious problem caused by a registry cleaner erroneously removing an entry you need is far greater than any potential benefit it may have.

Read http://www.edbott.com/weblog/archives/000643.html and http://aumha.net/viewtopic.php?t=28099 and also http://blogs.technet.com/markrussinovich/archive/2005/10/02/registry-junk-a-windows-fact-of-life.aspx

Let me point out that neither I nor anyone else who warns against the use of registry cleaners has ever said that they always cause problems. If they always caused problems, they would disappear from the market almost immediately. Many people have used a registry cleaner and never had a problem with it.

Rather, the problem with a registry cleaner is that it carries with it the substantial risk of having a problem. And since there is no benefit to using a registry cleaner, running that risk is a very bad bargain.

Ken Blake
August 7th, 2010 6:47pm

Registry cleaning programs are all snake oil. Speed up your PC with our free registry cleaner Why should I clean my registry? How often should I clean my registry? Get a free PC scan! Try the Windows Live OneCare safety scanner, Windows Vista and Windows 7 edition
August 7th, 2010 7:22pm

The in-place upgrade, which took around two hours, didn't solve the problem, either. The errors are the same as the one indicated above: Event 41 (verify revocation) followed by Event 11 (build chain). If you think it's a problem with the ISP, let me know what instructions to give to the technical personnel, i.e., if their proxy or something like that should allow connections to particular servers. Finally, the events don't appear to affect anything in the system.
August 8th, 2010 9:14am

Hi,

As the error recurs after the in-place upgrade, it could be due to expired driver certificates. To troubleshoot this issue, I suggest booting into Safe mode first.

Start your computer in safe mode
http://windows.microsoft.com/en-US/windows7/Start-your-computer-in-safe-mode

If the behavior doesn’t persist in safe mode, try device clean boot.

1. Click Start, type "devmgmt.msc" (without quotation marks) in the Search bar and press Enter.
2. Expand "Sound, video and game controllers".
3. Right click on your sound card and then click "Properties".
4. In the dropdown menu of Device Usage, please choose "Do not use this device (disable)" and click OK.
5. Please use the same method to disable other dubious hardware such as: internal modem, network card and CD-R drive.

Please note some devices such as video adapter are not available to be disabled. If the issue persists in Safe mode, we may consider your motherboard or CPU is faulty. Please tell us the result.
August 9th, 2010 6:11am

Thank you for the help. I tried safe mode but no new entries appear in the CAPI2 log. The application log contains no errors. With clean boot and disabled devices, the errors still appeared. I disabled the ff. devices one by one and checked: two DVD burners, the sound card, and a built-in sound card. I was checking another PC nearby which has another hardware configuration and uses another ISP but also has Win 7 64-bit Home Premium, and noticed that the same 4107 error appears in the application event log. The file indicated is also consent.exe. I'm also still getting the same error in my application log even when my CAPI2 log is enabled:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
    <EventID Qualifiers="0">4107</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-10T01:41:58.747070400Z" />
    <EventRecordID>37488</EventRecordID>
    <Correlation />
    <Execution ProcessID="1184" ThreadID="2504" />
    <Channel>Application</Channel>
    <Computer>Ralf-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab</Data>
    <Data>A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</Data>
  </EventData>
</Event>

I already downloaded, extracted, and installed authrootstl.cab. I checked the digital signatures in the properties of consent.exe in both PCs and noticed that the validity period of Microsoft Windows Verification PCA is 10/23/2008 to 1/23/2010. I wonder if this is the certificate referred to in the error message because the current date is past the validity period of 1/23/2010.
I checked the backup consent.exe file in winsxs and it has the same validity period.
August 10th, 2010 7:43am

Have you checked the network card? As the issue disappears in Safe Mode, let us test in Safe Mode with networking again. If the error recurs in Safe Mode with networking, it may have something to do with your ISP. Contact your ISP for direct assistance.

Regards,
August 11th, 2010 6:16am

Again, thank you for the help. Unfortunately, my four-year-old HD crashed, so I had to buy a new HD and re-install the OS. So far, I've not seen such errors in the logs for the newly installed OS. I remember using safe mode with networking on for the previously installed OS and even did some Internet surfing, but no new entries were appearing in the CAPI2 log, errors or otherwise. I'm guessing, then, that it must have been one of the programs I installed that caused the problem. I'll check the log whenever I install something and see if the problem shows up. I'll also wait for an answer from someone in another forum who solved the problem.
August 12th, 2010 10:28pm

Thank you for your feedback. Your situation may shed some light for others that encounter the same issue. I will mark it as answer to help others get on the further direction.

Regards,
August 13th, 2010 6:03am

Some of the suggestions in this page solved my problem: http://msmvps.com/blogs/bradley/archive/2010/09/02/capi2-errors-driving-you-crazy.aspx i.e., I removed the cached certs in the directories indicated in the page, and then followed http://support.microsoft.com/default.aspx?scid=kb;en-us;2328240
September 10th, 2010 5:30pm

This topic is archived. No further replies will be accepted.
