Endpoint Protection

 View Only
Expand all | Collapse all

After install the SEP client MR5 i have receive from all machine this events: Error Crypt32

  • 1.  After install the SEP client MR5 i have receive from all machine this events: Error Crypt32

    Posted Oct 06, 2009 04:04 PM

    Hi Everyone!!!

    After install the SEP client MR5 i have receive from all machine this event:

    Event Type: Error
    Event Source: crypt32
    Event Category: None
    Event ID: 8
    Date:  06/10/2009
    Time:  10:23:55 a.m.
    User:  N/A
    Computer: XXXXXXXX
    Description:
    Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

    The Microsoft solution for this issue is in this article: http://support.microsoft.com/kb/317541/en-us

    Some one know what happend?

    Thanks in advance...



  • 2.  RE: After install the SEP client MR5 i have receive from all machine this events: Error Crypt32
    Best Answer

    Posted Oct 06, 2009 04:22 PM
    Hi,

           This occurs because : -

    This behavior can occur if the Update Root Certificates component is turned on and the computer cannot connect to the Windows Update server on the Internet. The Update Root Certificates component automatically updates trusted root-certificate authorities from the Microsoft Update server at regular intervals.

    One of the reason why the computer cannot connect to the Windows Update Server might be due to wrong proxy settings.

    Please follow the below link.

     http://support.microsoft.com/kb/317541/en-us


  • 3.  RE: After install the SEP client MR5 i have receive from all machine this events: Error Crypt32

    Posted Jan 19, 2010 06:13 PM
    The message from sandip_sali above does not address the root cause of this issue. Please mark this as the solution instead.

    I have found the root cause of this issue. No one in Symantec could tell me the root cause, I figured it out for myself in the end. If you are getting Event ID 8 errors in the Event Log after installing SEP, its because SEP is using a self-signed certificate for client-server communication. Windows attempts to find the trusted root for the certificate, but because the computer account has no proxy set (or no proxy access), the update fails. This is triggered more often after SEP is installed as SEP keeps trying to use the self signed certificate.

    1)      Computer account doesn’t have a proxy set, so can’t get out to the Windows Update website
    2)      SEP is using a self signed certificate for client/server communication
    3)      SEP uses the self signed certificate and Windows can’t find a trusted root certification authority
    4)      “Update Root Certificates” component tries to connect to the internet to see if there is a new trusted certificate authority (See Turn off Automatic Root Certificates Update - http://technet.microsoft.com/en-us/library/cc749503(WS.10).aspx )
    5)      Update root certificate doesn’t work as connection times out

    Our solution:

    1)      Turn off the updating of root certificates from the internet via GPO (see http://technet.microsoft.com/en-us/library/cc749503(WS.10).aspx )
    2)      Install root certificates as part of the Windows Updates (this package does the same thing - http://support.microsoft.com/kb/931125 )