Crypt32 8 events continuously reported on Windows Server 2003, Windows Server 2003 R2, or Windows XP

Article translations Article translations
Article ID: 2253680 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

The following event is recorded in the Application log:

Event Type: Error
Event Source: Crypt32
Event Category: None
Event ID: 8
Date: 3/15/2010
Time: 11:27:57 AM
User: N/A
Computer: SERVER1
Description:
Failed auto update retrieval of third-party root list sequence number from: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt with error: The server name or address could not be resolved.

The following similar event may also be recorded:

Event Type: Error
Event Source: Crypt32
Event Category: None
Event ID: 8
Date: 3/15/2010
Time: 11:27:57 AM
User: N/A
Computer: SERVER1
Description:
Failed auto update retrieval of third-party root list sequence number from: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt with error: This network connection does not exist.

These events may be recorded at continuously, at regular intervals (e.g., every 10 minutes) or they may only be recorded when you start a particular application.

Also, the computer on which the events are recorded does not have connectivity to the Windows Update web site due to router or proxy configuration.

These events are recorded despite the fact that no applications or services installed on the computer fail to start, or encounter any operational errors.

CAUSE

This behavior is expected under the following conditions:

  • The computer is unable to access the Windows Update web site due to router or proxy configuration.
  • An application has been installed that has been designed to interact with the Windows Security Center (WSC) on Windows Vista or higher. Example applications include third-party virus software, malware scanners or firewall products.

RESOLUTION

There are three options for handling these events.

  1. Disregard these events. They are benign and can be safely ignored.
  2. Modify router or proxy configuration to allow computers recording these events to connect to Windows Update.
  3. Disable Automatic Root Updates on computers recording these events.
    1. In Control Panel, double-click Add/Remove Programs.
    2. Click Add/Remove Windows Components.
    3. Click to clear the Update Root Certificates check box, and then continue with the Windows Components Wizard.


MORE INFORMATION

On Windows Vista and higher, Microsoft requires that any software the registers and interacts with the Windows Security Center (WSC) be signed with a digital certificate that chains up to an internal Microsoft code signing root certification authority (CA). This CA is called the Microsoft Code Verification Root CA (MSCV). Microsoft has cross-certified the MSCV with multiple third-party code-signing CAs allowing these vendors to continue issuing valid code-signing certificates to their customers.

The MSCV certificate is embedded in the kernel on Windows Vista and higher, but it is not available as part of the Automatic Trusted Root Update service. Whenever the digital signature on one of these applications is checked on Windows XP, Windows Server 2003 or Windows Server 2003 R2, the chain of the vendor's code signing certificate is built up to both the root CA of the third-party that issued the code signing certificate and, by virtue of the cross-CA certificate issued by Microsoft, also to the MSCV. In short, two chains are built and the validity of both are verified.

The MSCV certificate is not embedded in the kernel on Windows XP, Windows Server 2003 or Windows Server 2003 R2 so Windows determines that that CA is not trusted. If Automatic Trusted Root Updates are enabled then Windows will attempt to contact Windows Update to determine if the MSCV certificate is published by Microsoft as part of the Trusted Root Program. The MSCV is not available through that program, so this lookup fails.

Windows quickly determines that the MSCV is not trusted and that chain is eliminated. This leaves the other chain that leads to a third-party root CA, which is probably valid, allowing the application's signature to be successfully validated. Thus, there are no errors or failures associated with the application.

If Windows is able to successfully contact Windows Update then no events are recorded in the Application log. Failure to locate an arbitrary untrusted root CA certificate on Windows Update is a handled failure and requires no special reporting. On the other hand, if Automatic Trusted Root Updates are enabled, but Windows is unable to contact the Windows Update site, then that is an error that requires reporting through the events and errors documented above.

These events are not recorded on Windows Vista or higher because the MSCV certificate is embedded in the Windows kernel. The MSCV is therefore inherently trusted and there is no need to look for the certificate on Windows Update.


Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2253680 - Last Review: August 9, 2010 - Revision: 3.0
APPLIES TO
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise Edition KN
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Standard Edition KN
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
Keywords: 
kbsecurityservices kbdigitalcertificates kbevent KB2253680

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com