Hi Team,
I need your help! I have to install a Symantec application on a Windows Server 2008 R2 workspace and I'm running into an error message, and in the Event Viewer I get this:
XML View:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
    <EventID Qualifiers="0">4110</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2016-06-20T07:17:05.960875000Z" />
    <EventRecordID>1491095</EventRecordID>
    <Correlation />
    <Execution ProcessID="284" ThreadID="5460" />
    <Channel>Application</Channel>
    <Computer>XFILES0</Computer>
    <Security />
  </System>
  <EventData>
    <Data />
    <Data>Access is denied.</Data>
  </EventData>
</Event>
(Friendly View):
- System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
[ EventSourceName] Microsoft-Windows-CAPI2
- EventID 4110
[ Qualifiers] 0
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8080000000000000
- TimeCreated
[ SystemTime] 2016-06-20T07:17:05.960875000Z
EventRecordID 1491095
Correlation
- Execution
[ ProcessID] 284
[ ThreadID] 5460
Channel Application
Computer XFILES0
Security
- EventData
Access is denied.
I tried to make this solution:
Grant the user "NT SERVICE\cryptsvc" full access on the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Didn't help.
I tried to grant access via Group Policy, but it didn't work.
After I enabled CAPI2 logging, I also got these errors (warning: long message!):
+ System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 11
Version 0
Level 2
Task 11
Opcode 2
Keywords 0x4000000000000003
- TimeCreated
[ SystemTime] 2016-06-21T13:35:09.265625000Z
EventRecordID 1223
Correlation
- Execution
[ ProcessID] 5524
[ ThreadID] 6196
Channel Microsoft-Windows-CAPI2/Operational
Computer XFILES0
- Security
[ UserID] S-1-5-18
- UserData
- CertGetCertificateChain
- Certificate
[ fileRef] 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C.cer
[ subjectName] Microsoft Time-Stamp Service
ValidationTime 2009-07-14T03:00:30Z
- AdditionalStore
- Certificate
[ fileRef] 5DF0D7571B0780783960C68B78571FFD7EDAF021.cer
[ subjectName] Microsoft Windows Verification PCA
- Certificate
[ fileRef] 375FCB825C3DC3752A02E34EB70993B4997191EF.cer
[ subjectName] Microsoft Time-Stamp PCA
- Certificate
[ fileRef] 018B222E21FBB2952304D04D1D87F736ED46DEA4.cer
[ subjectName] Microsoft Windows
- Certificate
[ fileRef] 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C.cer
[ subjectName] Microsoft Time-Stamp Service
- ExtendedKeyUsage
- Usage
[ oid] 1.3.6.1.5.5.7.3.8
[ name] Time Stamping
- Flags
[ value] C8000005
[ CERT_CHAIN_CACHE_END_CERT] true
[ CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL] true
[ CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT] true
[ CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY] true
[ CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT] true
- ChainEngineInfo
[ context] user
- CertificateChain
[ chainRef] {9ACF4030-D9EA-4086-9D70-D0A03FAC31F6}
- TrustStatus
- ErrorStatus
[ value] 1000040
[ CERT_TRUST_REVOCATION_STATUS_UNKNOWN] true
[ CERT_TRUST_IS_OFFLINE_REVOCATION] true
- InfoStatus
[ value] 100
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ChainElement
- Certificate
[ fileRef] 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C.cer
[ subjectName] Microsoft Time-Stamp Service
- SignatureAlgorithm
[ oid] 1.2.840.113549.1.1.5
[ hashName] SHA1
[ publicKeyName] RSA
- PublicKeyAlgorithm
[ oid] 1.2.840.113549.1.1.1
[ publicKeyName] RSA
[ publicKeyLength] 2048
- TrustStatus
- ErrorStatus
[ value] 1000040
[ CERT_TRUST_REVOCATION_STATUS_UNKNOWN] true
[ CERT_TRUST_IS_OFFLINE_REVOCATION] true
- InfoStatus
[ value] 102
[ CERT_TRUST_HAS_KEY_MATCH_ISSUER] true
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ApplicationUsage
- Usage
[ oid] 1.3.6.1.5.5.7.3.8
[ name] Time Stamping
IssuanceUsage
- RevocationInfo
- RevocationResult The revocation function was unable to check revocation because the revocation server was offline.
[ value] 80092013
- ChainElement
- Certificate
[ fileRef] 375FCB825C3DC3752A02E34EB70993B4997191EF.cer
[ subjectName] Microsoft Time-Stamp PCA
- SignatureAlgorithm
[ oid] 1.2.840.113549.1.1.5
[ hashName] SHA1
[ publicKeyName] RSA
- PublicKeyAlgorithm
[ oid] 1.2.840.113549.1.1.1
[ publicKeyName] RSA
[ publicKeyLength] 2048
- TrustStatus
- ErrorStatus
[ value] 1000040
[ CERT_TRUST_REVOCATION_STATUS_UNKNOWN] true
[ CERT_TRUST_IS_OFFLINE_REVOCATION] true
- InfoStatus
[ value] 101
[ CERT_TRUST_HAS_EXACT_MATCH_ISSUER] true
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ApplicationUsage
- Usage
[ oid] 1.3.6.1.5.5.7.3.8
[ name] Time Stamping
IssuanceUsage
- RevocationInfo
- RevocationResult The revocation function was unable to check revocation because the revocation server was offline.
[ value] 80092013
- ChainElement
- Certificate
[ fileRef] CDD4EEAE6000AC7F40C3802C171E30148030C072.cer
[ subjectName] Microsoft Root Certificate Authority
- SignatureAlgorithm
[ oid] 1.2.840.113549.1.1.5
[ hashName] SHA1
[ publicKeyName] RSA
- PublicKeyAlgorithm
[ oid] 1.2.840.113549.1.1.1
[ publicKeyName] RSA
[ publicKeyLength] 4096
- TrustStatus
- ErrorStatus
[ value] 0
- InfoStatus
[ value] 10C
[ CERT_TRUST_HAS_NAME_MATCH_ISSUER] true
[ CERT_TRUST_IS_SELF_SIGNED] true
[ CERT_TRUST_HAS_PREFERRED_ISSUER] true
- ApplicationUsage
[ any] true
- IssuanceUsage
[ any] true
- EventAuxInfo
[ ProcessName] TrustedInstaller.exe
- CorrelationAuxInfo
[ TaskId] {871FFDEB-F1FE-4BF2-A763-4D6A2028BD44}
[ SeqNumber] 13
- Result The revocation function was unable to check revocation because the revocation server was offline.
[ value] 80092013
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 41
Version 0
Level 2
Task 41
Opcode 2
Keywords 0x4000000000000005
- TimeCreated
[ SystemTime] 2016-06-21T13:35:09.406250000Z
EventRecordID 1429
Correlation
- Execution
[ ProcessID] 5524
[ ThreadID] 6196
Channel Microsoft-Windows-CAPI2/Operational
Computer XFILES0
- Security
[ UserID] S-1-5-18
- UserData
- CertVerifyRevocation
- Certificate
[ fileRef] 7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer
[ subjectName] Microsoft Time-Stamp Service
- IssuerCertificate
[ fileRef] 375FCB825C3DC3752A02E34EB70993B4997191EF.cer
[ subjectName] Microsoft Time-Stamp PCA
- Flags
[ value] 6
[ CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION] true
[ CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG] true
- AdditionalParameters
[ timeToUse] 2010-11-20T19:37:07Z
[ currentTime] 2016-06-21T13:35:09.406Z
[ urlRetrievalTimeout] PT20S
- RevocationStatus
[ index] 0
[ error] 80092013
[ reason] 0
- EventAuxInfo
[ ProcessName] TrustedInstaller.exe
- CorrelationAuxInfo
[ TaskId] {0E2803AC-A55F-4D52-9633-9526084BE70E}
[ SeqNumber] 12
- Result The revocation function was unable to check revocation because the revocation server was offline.
[ value] 80092013
- System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 81
Version 0
Level 2
Task 80
Opcode 2
Keywords 0x4000000000000040
- TimeCreated
[ SystemTime] 2016-06-22T06:25:55.484375000Z
EventRecordID 1515
Correlation
- Execution
[ ProcessID] 2412
[ ThreadID] 7540
Channel Microsoft-Windows-CAPI2/Operational
Computer XFILES0
- Security
[ UserID] S-1-5-21-2891754220-1581365162-4186756288-1198
- UserData
- WinVerifyTrust
ActionID {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- UIChoice WTD_UI_NONE
[ value] 2
- RevocationCheck
[ value] 0
- StateAction WTD_STATEACTION_VERIFY
[ value] 1
- Flags
[ value] 80006000
[ WTD_DISABLE_MD2_MD4] true
[ WTD_MOTW] true
[ CPD_USE_NT5_CHAIN_FLAG] true
- FileInfo
[ filePath] C:\Users\huh81418\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5OVRDYP\MicCerTruLisPCA_2009-04-02[1].cer
[ hasFileHandle] true
- DigestInfo
[ digestAlgorithm]
[ digest]
- RegPolicySetting
[ value] 23C00
[ WTPF_OFFLINEOK_IND] true
[ WTPF_OFFLINEOK_COM] true
[ WTPF_OFFLINEOKNBU_IND] true
[ WTPF_OFFLINEOKNBU_COM] true
[ WTPF_IGNOREREVOCATIONONTS] true
- StepError
[ stepID] 3
[ stepName] TRUSTERROR_STEP_SIP
- Result The form specified for the subject is not one supported or known by the specified trust provider.
[ value] 800B0003
- StepError
[ stepID] 9
[ stepName] TRUSTERROR_STEP_MSG_SIGNERCOUNT
- Result The form specified for the subject is not one supported or known by the specified trust provider.
[ value] 800B0003
- StepError
[ stepID] 32
[ stepName] TRUSTERROR_STEP_FINAL_OBJPROV
- Result The form specified for the subject is not one supported or known by the specified trust provider.
[ value] 800B0003
- StepError
[ stepID] 33
[ stepName] TRUSTERROR_STEP_FINAL_SIGPROV
- Result No signature was present in the subject.
[ value] 800B0100
- StepError
[ stepID] 34
[ stepName] TRUSTERROR_STEP_FINAL_CERTPROV
- Result No signature was present in the subject.
[ value] 800B0100
- EventAuxInfo
[ ProcessName] iexplore.exe
- CorrelationAuxInfo
[ TaskId] {53E5A1F0-A3DD-4CC6-92F7-FD7D24CD3C41}
[ SeqNumber] 2
- Result The form specified for the subject is not one supported or known by the specified trust provider.
[ value] 800B0003
- System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 53
Version 0
Level 2
Task 53
Opcode 2
Keywords 0x4000000000000036
- TimeCreated
[ SystemTime] 2016-06-22T06:26:29.500000000Z
EventRecordID 1525
Correlation
- Execution
[ ProcessID] 7528
[ ThreadID] 7524
Channel Microsoft-Windows-CAPI2/Operational
Computer XFILES0
- Security
[ UserID] S-1-5-21-2891754220-1581365162-4186756288-1198
- UserData
- CryptRetrieveObjectByUrlWire
- URL http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
[ scheme] http
- Object
[ type] Blob
[ constant] 0
Timeout PT15S
- Flags
[ value] C205004
[ CRYPT_WIRE_ONLY_RETRIEVAL] true
[ CRYPT_STICKY_CACHE_RETRIEVAL] true
[ CRYPT_OFFLINE_CHECK_RETRIEVAL] true
[ CRYPT_PROXY_CACHE_RETRIEVAL] true
[ CRYPT_RANDOM_QUERY_STRING_RETRIEVAL] true
[ CRYPT_ENABLE_FILE_RETRIEVAL] true
- AuxInfo
[ cacheResyncTime] 2016-06-22T02:26:23.234Z
[ fProxyCacheRetrieval] true
- AdditionalInfo
- NetworkConnectivityStatus
[ value] 1
[ _SENSAPI_NETWORK_ALIVE_LAN] true
- Action
[ name] Call_WinHttpGetProxyForUrl
- Error The Proxy Auto-configuration URL was not found.
[ value] 2F94
- Action
[ name] NoProxy
- Action
[ name] Call_WinHttpGetProxyForUrl
- Error The Proxy Auto-configuration URL was not found.
[ value] 2F94
- Action
[ name] NoProxy
- HTTPRequestHeadersInfo
Header GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6cab9a099cfb92b1 HTTP/1.1
Header Accept: */*
Header User-Agent: Microsoft-CryptoAPI/6.1
Header Connection: Keep-Alive
- HTTPResponseHeadersInfo
Header HTTP/1.1 200 OK
Header Cache-Control: max-age=86400
Header Connection: Keep-Alive
Header Date: Wed, 22 Jun 2016 06:26:25 GMT
Header Content-Length: 6557
Header Content-Type: application/octet-stream
Header Last-Modified: Thu, 26 May 2016 16:44:40 GMT
Header Accept-Ranges: bytes
Header Age: 0
Header ETag: "0cc7de56db7d11:0"
Header Server: Microsoft-IIS/7.5
Header X-Powered-By: ASP.NET
- CacheInfo
[ lastSyncTime] 2016-06-22T06:26:29.500Z
- URLCacheResponseInfo
[ responseType] CRYPTNET_URL_CACHE_RESPONSE_HTTP
[ lastModifiedTime] 2016-05-26T16:44:40Z
[ maxAge] 86400
[ eTag] "0cc7de56db7d11:0"
- RetrievedObjects
- Blob 4D534346000000009D190000000000002C000000000000000301010001000000000000004F00000001000100D7230000000000000000B8488C792000646973616C6C6F776564636572742E73746C0010C8A7214619D723434BD5980938946DFBFF67C6D8B364E7B10B59867BC62E8AEC5BC84EB2EF6B0C4296196B09D965892C
[ fileRef] DAC95A6A377BE7EAA7CD8D02211FBBE1D22EBEDF.bin
[ maxSize] true
- EventAuxInfo
[ ProcessName] rundll32.exe
- CorrelationAuxInfo
[ TaskId] {AE5866F6-F230-4A25-9368-630B0B92A02F}
[ SeqNumber] 4
- Result
[ value] 0
- System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 30
Version 0
Level 2
Task 30
Opcode 0
Keywords 0x4000000000000001
- TimeCreated
[ SystemTime] 2016-06-21T13:58:57.843750000Z
EventRecordID 1494
Correlation
- Execution
[ ProcessID] 544
[ ThreadID] 604
Channel Microsoft-Windows-CAPI2/Operational
Computer XFILES0
- Security
[ UserID] S-1-5-20
- UserData
- CertVerifyCertificateChainPolicy
- Policy
[ type] CERT_CHAIN_POLICY_SSL
[ constant] 4
- Certificate
[ fileRef] 30CB980CEEA9CA2F9E5AF2D8D7FCC75308F9C1F2.cer
[ subjectName] XFILES0
- CertificateChain
[ chainRef] {03F399CC-055B-4A7D-B08B-78002DF102F4}
- Flags
[ value] 0
- SSLAdditionalPolicyInfo
[ authType] server
- IgnoreFlags
[ value] 280
[ SECURITY_FLAG_IGNORE_REVOCATION] true
[ SECURITY_FLAG_IGNORE_WRONG_USAGE] true
- Status
[ chainIndex] 0
[ elementIndex] 0
- EventAuxInfo
[ ProcessName] lsass.exe
[ impersonateToken] S-1-5-20
- CorrelationAuxInfo
[ TaskId] {E690E3B2-095F-46C0-BEF7-0965AA243A8B}
[ SeqNumber] 1
- Result A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
[ value] 800B0109
- System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 60
Version 0
Level 2
Task 60
Opcode 0
Keywords 0x4000000000000100
- TimeCreated
[ SystemTime] 2016-06-22T06:26:59.171875000Z
EventRecordID 1584
Correlation
- Execution
[ ProcessID] 284
[ ThreadID] 4620
Channel Microsoft-Windows-CAPI2/Operational
Computer XFILES0
- Security
[ UserID] S-1-5-20
- UserData
- CertificateStore
- Store AuthRoot
[ type] CERT_STORE_PROV_SYSTEM_REGISTRY_W
[ constant] 13
[ location] CERT_SYSTEM_STORE_LOCAL_MACHINE_ID
- Flags
[ value] 20000
- EventAuxInfo
[ ProcessName] svchost.exe
- CorrelationAuxInfo
[ TaskId] {414FF545-F2B5-4CFB-8526-48836304C06E}
[ SeqNumber] 1
- Result Access is denied.
[ value] 5
- System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 80
Version 0
Level 4
Task 80
Opcode 1
Keywords 0x4000000000000040
- TimeCreated
[ SystemTime] 2016-06-21T13:35:09.296875000Z
EventRecordID 1261
Correlation
- Execution
[ ProcessID] 5524
[ ThreadID] 6196
Channel Microsoft-Windows-CAPI2/Operational
Computer XFILES0
- Security
[ UserID] S-1-5-18
- UserData
- WinVerifyTrustStart
- EventAuxInfo
[ ProcessName] TrustedInstaller.exe
- CorrelationAuxInfo
[ TaskId] {EE87CBED-4EB8-4AED-98F6-6E3482897544}
[ SeqNumber] 1
- System
- Provider
[ Name] Microsoft-Windows-CAPI2
[ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventID 82
Version 0
Level 4
Task 82
Opcode 0
Keywords 0x4000000000000400
- TimeCreated
[ SystemTime] 2016-06-21T13:35:09.296875000Z
EventRecordID 1260
Correlation
- Execution
[ ProcessID] 5524
[ ThreadID] 6196
Channel Microsoft-Windows-CAPI2/Operational
Computer XFILES0
- Security
[ UserID] S-1-5-18
- UserData
- CryptCATAdminEnumCatalogFromHash
- CATQueryInfo
[ hash] 5422188CE05AAB2B79A91DE6692E300CD21F803E
[ targetFilePath] \Windows\System32\drivers\msdsm.sys
[ catalogFilePath] C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Server-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
- AdditionalInfo
- CryptSvcCatalogs
Catalog C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Server-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
- EventAuxInfo
[ ProcessName] TrustedInstaller.exe
- CorrelationAuxInfo
[ TaskId] {5FB88A67-D06D-4404-9A1B-0385D434E5C8}
[ SeqNumber] 1
- Result
[ value] 0
These are the errors. I hope we can find a solution to this huge, complex error.
Thanks in advance
Regards,
Daniel Juhasz
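
The following is an added example, not part of the original post: a read-only PowerShell check of the two things the post relies on, namely the ACL on the AuthRoot registry key and the error-level CAPI2 events. It assumes an elevated prompt and PowerShell 2.0 or later. Checking `NT AUTHORITY\NETWORK SERVICE` is an assumption drawn from the Event 60 entry above, which records "Access is denied" on the AuthRoot store under UserID S-1-5-20 in svchost.exe.

```powershell
# Added example: read-only diagnostics, nothing is modified.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot'

# 1. Dump every ACE on the AuthRoot key named in the post.
$acl = Get-Acl -Path $keyPath
$acl.Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# 2. Check the identities seen in the post: the CryptSvc service account that was
#    granted access, and NETWORK SERVICE (S-1-5-20), the UserID on Event 60.
$identities = 'NT SERVICE\CryptSvc', 'NT AUTHORITY\NETWORK SERVICE'
foreach ($name in $identities) {
    $aces = $acl.Access | Where-Object { $_.IdentityReference.Value -ieq $name }
    if ($aces) {
        $aces | ForEach-Object {
            '{0}: {1} {2} (inherited={3})' -f $name, $_.AccessControlType, $_.RegistryRights, $_.IsInherited
        }
    } else {
        "${name}: no explicit ACE on $keyPath"
    }
}

# 3. Summarise error-level CAPI2 events from both logs shown in the post.
$filters = @(
    @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-CAPI2'; Level = 2 },
    @{ LogName = 'Microsoft-Windows-CAPI2/Operational'; Level = 2 }
)
$events = foreach ($f in $filters) {
    Get-WinEvent -FilterHashtable $f -MaxEvents 200 -ErrorAction SilentlyContinue
}
$events | ForEach-Object {
    $xml = [xml]$_.ToXml()
    # CAPI2 <Result> elements carry the HRESULT/Win32 code in a "value" attribute.
    $codes = $xml.SelectNodes("//*[local-name()='Result']") |
        ForEach-Object { $_.GetAttribute('value') }
    $aux = $xml.SelectSingleNode("//*[local-name()='EventAuxInfo']")
    New-Object PSObject -Property @{
        Time    = $_.TimeCreated
        Id      = $_.Id
        UserId  = $_.UserId
        Process = $(if ($aux) { $aux.GetAttribute('ProcessName') })
        Result  = ($codes | Select-Object -Unique) -join ','
    }
} | Sort-Object Time |
    Select-Object Time, Id, UserId, Process, Result |
    Format-Table -AutoSize
```

Reading the event table by `Process` and `UserId` separates the "Access is denied" entries from the revocation-offline entries (80092013), which come from different callers in the dump above.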