You receive an error message that contains the event ID 11 error code when you try to update your Windows Vista-based computer by using Windows Update or Microsoft Update

Article translations Article translations
Article ID: 976235 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
Expand all | Collapse all

On This Page

SYMPTOMS

When you try to update your Windows Vista-based computer by using Windows Update or Microsoft Update, you receive the following error message:
Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: date time
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: computer_name
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Additionally, you may receive the error message every time that you restart your computer.

CAUSE

This issue may occur for one of the following reasons.

Cause 1

This issue may be caused by conflicts with antivirus and other security programs. This error message may occur every time that the computer is started. To work around this issue, see Method 1 in the "Workaround" section.

Cause 2

This issue may be caused if your currently logged on user account does not have sufficient permissions to write to the temporary (Temp) folder. To work around this issue, see Method 2 in the "Workaround" section.

WORKAROUND

To work around this issue, troubleshoot the issue by trying the method that is appropriate for your particular scenario. If you are unsure of your scenario, try Method 1. If that does not resolve the issue, try Method 2.

Method 1

To work around this issue, you must identify the program or service that is causing the error message. You must enable CAPI2 Operational Logging, and then restart the computer to gather the necessary event logs. To do this, follow these steps:
  1. Click Start, type Event Viewer in the Start Search box, and then click Event Viewer under Programs.

    Collapse this imageExpand this image
    User Account Control permission
    If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
  2. Expand Applications and Services Logs.
  3. Expand Microsoft.
  4. Expand Windows.
  5. Expand CAPI2, and then click Operational. The CAPI2 Operational log opens.
  6. In the Actions task pane, click Enable Log.
  7. Restart your computer.
  8. Open the CAPI2 Operational log. To do this, repeat steps 1 through 5.
  9. Under Operational, search the events list for an event ID of 11 that has a level of Error. Click each instance that you find, and then review the description of the event to see which program is causing the error message.
One or more of the logged events may indicate the program that is causing the error message. The following antivirus and firewall programs are known to cause this error message:
  • McAfee
  • Vsmon.exe
  • AVG
  • TrendMicro
  • Zone Alarm
  • Other antivirus and security products
Notes
  • An antivirus program is designed to help protect your computer from viruses. You must not download or open files from sources that you do not trust, visit Web sites that you do not trust, or open e-mail attachments when your antivirus program is disabled. For more information about computer viruses, click the following article number to view the article in the Microsoft Knowledge Base:
    129972 Computer viruses: description, prevention, and recovery
  • A firewall is designed to help protect your computer from attack by malicious users or by malicious software, such as viruses that use unsolicited incoming network traffic to attack your computer. Before you disable your firewall, you must disconnect your computer from all networks including the Internet.
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To determine whether one of these programs or another program that is mentioned in the event log error description is causing this issue, you can test the program by temporarily disabling or temporarily uninstalling the program and then restarting your computer. Then, search the CAPI2 Operational log for an instance of event ID 11 that has a level of Error to see whether the error message still occurs.

Important If you intend to uninstall the program, you should make sure that you have access to the installation media and any product ID that is needed to reinstall the program after your testing is completed.

If temporarily disabling or temporarily uninstalling the program resolves the issue, you should contact the programs manufacturer for an update, a hotfix, or other help.

Method 2

The Automatic Root Certificates Update downloads a CAB file to the Temp folder on the local computer, extracts the contents of the file, and then updates the root certificate list. The appropriate permissions must be applied to the Temp folder for the CAB file to be installed correctly.

To check the permissions on the Temp folder, follow these steps:
  1. Click Start, type %userprofile%\AppData\Local in the Start Search box, and then click Local in the list.
  2. Right-click the Temp folder in the Folders list, and then click Properties.
  3. Click the Security tab.
  4. Click your user account in the Group or user names list that you used to log on to the computer, and make sure that your user account has Full Control permissions.
Note If the user account that you used to log on to the computer does not have Full Control permissions, follow these steps:
  1. Click Edit.
  2. Select the user account that you used to log on to the computer in the Group or user names list, and then click to select the Full control check box under Allow.
  3. Click Apply, and then click OK two times.

REFERENCES

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Properties

Article ID: 976235 - Last Review: September 27, 2011 - Revision: 2.0
APPLIES TO
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Business N
  • Windows Vista Business N 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Basic N
  • Windows Vista Home Basic N 64-bit Edition
  • Windows Vista Home Premium
  • Windows Vista Starter
  • Windows Vista Ultimate
Keywords: 
kbtshoot kberrmsg kbexpertisebeginner kbsurveynew kbprb KB976235

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com