"A certificate chain could not be built to a trusted root authority" when you finish installing Visual Studio 2013 or Visual Studio 2012


After you finish installing Microsoft Visual Studio 2013 or Visual Studio 2012, you receive the following message on the last page:

Setup Completed
However, not all features installed correctly.

Please correct the following problems to ensure full product functionality. Click here to see the most common issues and workarounds or here to review the log file.

Microsoft Web Deploy 3.0
A certificate chain could not be built to a trust root authority.

If you click to view the log file and then search for "Error," you see log lines that resemble the following:

[05B0:0500][2012-08-05T14:07:07]: Acquiring package: webdeploy_x64_en_usmsi_902, payload: webdeploy_x64_en_usmsi_902, copy from: D:\packages\WebDeploy\WebDeploy_x64.msi [04E4:0564][2012-08-05T14:07:08]: Error 0x800b010a: Failed to verify certificate chain policy status. [04E4:0564][2012-08-05T14:07:08]: Error 0x800b010a: Failed to get certificate chain for authenticode certificate. [04E4:0564][2012-08-05T14:07:08]: Error 0x800b010a: Failed to verify signature of payload: webdeploy_x64_en_usmsi_902 [04E4:0564][2012-08-05T14:07:08]: Failed to verify payload: webdeploy_x64_en_usmsi_902 at path: C:\ProgramData\Package Cache\.unverified\webdeploy_x64_en_usmsi_902, error: 0x800b010a. Deleting file. [04E4:0564][2012-08-05T14:07:08]: Error 0x800b010a: Failed to cache payload: webdeploy_x64_en_usmsi_902 

Note Some information in your log files will differ from this example.


This problem occurs because some components in Visual Studio 2013 and Visual Studio 2012 are signed by a certification authority that is not installed on Windows 7 or Windows Server 2008 R2. Computers that are not connected to the Internet cannot automatically download these certificates.


To resolve this problem, download the root certificate updates that are described in the following Microsoft Knowledge Base article:
931125 Windows root certificate program members

Note The update applies to Windows XP, Windows Server 2003, and later versions of Windows. It will install on computers that are running Windows 7 or Windows Server 2008 R2. These are the minimum supported Windows versions for Visual Studio 2013 and Visual Studio 2012.

After you have the root certificate update installed, you should repair Visual Studio to install those packages that are affected by the problem that is described in this Knowledge Base article. To do this, follow these steps:

  1. Click Start, type Programs and Features, and then click Programs and Features in the search results.
  2. Select a product that is listed in the "Applies to" section.
  3. On the toolbar, click Change.
  4. Click Repair.
  5. Click Continue or Yes if you are prompted to do this. The installation will continue.

More Information

New root certification authorities that were created after the release of Windows 7 and Windows Server 2008 R2 enable strong signatures that use an SHA256 hash. Computers that are connected to the Internet automatically download these certificates. However, computers that are not connected to the Internet or that do not already have the root certificate update installed do not have the required certification authority installed.

After the updated certification authorities are installed, repairing Visual Studio 2012 will install any missing components. Therefore, Web Deploy 3.0 or any other affected components will be installed.

文書番号:2746268 - 最終更新日: 2014/12/02 - リビジョン: 1