(Msg. 1) Posted: Wed Jul 16, 2008 2:24 am
Post subject: Event ID 12 "Successful auto delete of third-party root certificat Archived from groups: microsoft>public>windows>vista>security (more info?)
Hello,
I've been unable to find out why the Update Root Certfiicate component is
auto deleting an auto installed 3rd party root certificate.
Any help with the following closely related questions would be much
appreciated
- In what circumstances does URC automatically delete a 3rd party root
certificate?
- Are such automatic deletions specific to Vista?
- Can such deletions be disabled (without disabling URC?)
For example, a Vista laptop obtains a certificate on the 2nd of July, but
the certificate is automatically deleted on the 3rd of July.
Here's the application event log extract.
Level Information
Date and Time 02/07/2008 13:50:52
Source Microsoft-Windows-CAPI2
Event ID 1
Task Category None
Description Successful auto update of third-party root certificate::
Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
Sha1
thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.
Level Information
Date and Time 03/07/2008 15:39:07
Source Microsoft-Windows-CAPI2
Event ID 12
Task Category None
Description Successful auto delete of third-party root certificate::
Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
Sha1
thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338> “
(Msg. 2) Posted: Wed Jul 16, 2008 7:17 am
Post subject: Re: Event ID 12 "Successful auto delete of third-party root certificat [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Some clarity is needed:
The first assumption being made is that you are using Vista.
(Event ID 12 is different in the various versions of windows.)
In Vista, Event ID12 is the following...
The device device_name disappeared from the system without first being
prepared for removal.
(A hot detach of a removable device.)
Back to 3rd party root certificates auto-deleting...
Are you attempting to program the effect in your application, or disable the
effect on your machine?
CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE
Setting this flag inhibits the auto update of third-party roots from the
Windows Update Web Server.
Note: Unless the comuputer this certifcate is being applied to has Server
updates, this function will not work.
Preventing auto-deletion per user requires that _each user_ add the
certificate to the Trusted Root Certificate Authorities repository. If this
is not done, the certificate will auto-delete each time the user logs out of
Internet Explorer.
http://www.thebitguru.com/articles/13-Importing%20a%20Trusted%20Root%2...rtifica
"GOODAY" <GOODAY DeleteThis @discussions.microsoft.com> wrote in message
news:E07784B4-6435-4188-862E-5B88F1769866@microsoft.com...
> Hello,
>
> I've been unable to find out why the Update Root Certfiicate component is
> auto deleting an auto installed 3rd party root certificate.
>
> Any help with the following closely related questions would be much
> appreciated
>
> - In what circumstances does URC automatically delete a 3rd party root
> certificate?
> - Are such automatic deletions specific to Vista?
> - Can such deletions be disabled (without disabling URC?)
>
>
> For example, a Vista laptop obtains a certificate on the 2nd of July, but
> the certificate is automatically deleted on the 3rd of July.
>
> Here's the application event log extract.
>
> Level Information
> Date and Time 02/07/2008 13:50:52
> Source Microsoft-Windows-CAPI2
> Event ID 1
> Task Category None
> Description Successful auto update of third-party root
certificate::
> Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa,
C=BE>
> Sha1
> thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.
>
>
> Level Information
> Date and Time 03/07/2008 15:39:07
> Source Microsoft-Windows-CAPI2
> Event ID 12
> Task Category None
> Description Successful auto delete of third-party root
certificate::
> Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
> Sha1
> thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338> "
>
>
>
(Msg. 3) Posted: Wed Jul 16, 2008 7:17 am
Post subject: Re: Event ID 12 "Successful auto delete of third-party root certif [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Hello Mark,
Many thanks for your reply.
As indicated in the original post, the example event log was from Vista and
the event log export is exactly as shown, so event ID 12, when viewing the
application log at least, is a the certificate auto delete.
The questions were
Q - In what circumstances does URC automatically delete a 3rd party root
certificate?
A - If I understand your reply correctly, the certificate will be deleted in
all instances
when a user exits Internet Explorer (please confirm)
Q - Are such automatic deletions specific to Vista?
A- ?
Q - Can such deletions be disabled (without disabling URC?)
A - No, user must add manually to the Trusted Root Certificate Authorities
repository
or else disable the Update Root Certificate Component (please confirm)
Many thanks,
Andrew
"Mark H" wrote:
> Some clarity is needed:
> The first assumption being made is that you are using Vista.
> (Event ID 12 is different in the various versions of windows.)
>
> In Vista, Event ID12 is the following...
> The device device_name disappeared from the system without first being
> prepared for removal.
> (A hot detach of a removable device.)
>
> Example: http://support.microsoft.com/kb/945926 >
>
> Back to 3rd party root certificates auto-deleting...
> Are you attempting to program the effect in your application, or disable the
> effect on your machine?
> CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE
> Setting this flag inhibits the auto update of third-party roots from the
> Windows Update Web Server.
> Note: Unless the comuputer this certifcate is being applied to has Server
> updates, this function will not work.
>
> Basics of certificate update operation:
> http://www.tech-faq.com/root-certificate-update.shtml > (Disabling of the function may cause other problems.)
>
> Preventing auto-deletion per user requires that _each user_ add the
> certificate to the Trusted Root Certificate Authorities repository. If this
> is not done, the certificate will auto-delete each time the user logs out of
> Internet Explorer.
> http://www.thebitguru.com/articles/13-Importing%20a%20Trusted%20Root%2...rtifica >
>
>
> "GOODAY" <GOODAY DeleteThis @discussions.microsoft.com> wrote in message
> news:E07784B4-6435-4188-862E-5B88F1769866@microsoft.com...
> > Hello,
> >
> > I've been unable to find out why the Update Root Certfiicate component is
> > auto deleting an auto installed 3rd party root certificate.
> >
> > Any help with the following closely related questions would be much
> > appreciated
> >
> > - In what circumstances does URC automatically delete a 3rd party root
> > certificate?
> > - Are such automatic deletions specific to Vista?
> > - Can such deletions be disabled (without disabling URC?)
> >
> >
> > For example, a Vista laptop obtains a certificate on the 2nd of July, but
> > the certificate is automatically deleted on the 3rd of July.
> >
> > Here's the application event log extract.
> >
> > Level Information
> > Date and Time 02/07/2008 13:50:52
> > Source Microsoft-Windows-CAPI2
> > Event ID 1
> > Task Category None
> > Description Successful auto update of third-party root
> certificate::
> > Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa,
> C=BE>
> > Sha1
> > thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.
> >
> >
> > Level Information
> > Date and Time 03/07/2008 15:39:07
> > Source Microsoft-Windows-CAPI2
> > Event ID 12
> > Task Category None
> > Description Successful auto delete of third-party root
> certificate::
> > Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
> > Sha1
> > thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338> "
> >
> >
> >
>
>
>
(Msg. 4) Posted: Wed Jul 16, 2008 8:44 am
Post subject: Re: Event ID 12 "Successful auto delete of third-party root certif [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
See in-line.
"GOODAY" <GOODAY.RemoveThis@discussions.microsoft.com> wrote in message
news:4E2F0BAA-5CFD-4062-AA1A-26BF5C11056B@microsoft.com...
> Hello Mark,
>
> Many thanks for your reply.
>
> As indicated in the original post, the example event log was from Vista
and
> the event log export is exactly as shown, so event ID 12, when viewing the
> application log at least, is a the certificate auto delete.
>
I have no doubt that you gave the proper information. Just pointing out the
MS doesn't associate the two.
> The questions were
>
> Q - In what circumstances does URC automatically delete a 3rd party root
> certificate?
>
> A - If I understand your reply correctly, the certificate will be deleted
in
> all instances
> when a user exits Internet Explorer (please confirm)
This is my understanding, but response differs depending upon UAC and IE 7
Protected mode setup.
Additionally, some server updates to computers allow 3rd party certificates
to survive when the flag discussed is set to false, .NET is
disabled/uninstalled, URC is uninstalled, or the certificate is added to
the Trusted repository by the user (which requires Admin rights.) This
process can be automated within installation files, but not directly from
the web without additional UAC interaction. Automated files would require
manifests designating elevated access.
>
> Q - Are such automatic deletions specific to Vista?
> A- I believe this is true, but recent changes to XP / IE7 may include the
same functionality? I'm not sure where the UAC/Protected mode boundary
breaks this function as I have not tested it. It is discussed as being
applicable to XP SP2 in the following presentation:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-...EventID
>
> Q - Can such deletions be disabled (without disabling URC?)
> A - No, user must add manually to the Trusted Root Certificate
Authorities
> repository
> or else disable the Update Root Certificate Component (please
confirm)
Again, my understanding. Note: User addtion to TRCA requires Admin rights
(UAC approval)
MSDN/TechNet has a rather lengthy white-paper on this, but I was unable to
find it again.
Disabling URC is again a UAC level function accomplished either in Group
Policies or by uninstallation. Several Google hits indicate that URC
re-installs itself, meaning a stronger understanding is needed here on how
to permanently disable it.
Since I do not understand the exact situation/need, here are some additional
references:
While these point to Windows 2003 Server and XP applicability, they are
strongly crossed over into Vista.
So, in the end, I only half-answered your questions.
>
> Many thanks,
>
> Andrew
>
>
>
> "Mark H" wrote:
>
> > Some clarity is needed:
> > The first assumption being made is that you are using Vista.
> > (Event ID 12 is different in the various versions of windows.)
> >
> > In Vista, Event ID12 is the following...
> > The device device_name disappeared from the system without first being
> > prepared for removal.
> > (A hot detach of a removable device.)
> >
> > Example: http://support.microsoft.com/kb/945926 > >
> >
> > Back to 3rd party root certificates auto-deleting...
> > Are you attempting to program the effect in your application, or disable
the
> > effect on your machine?
> > CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE
> > Setting this flag inhibits the auto update of third-party roots from
the
> > Windows Update Web Server.
> > Note: Unless the comuputer this certifcate is being applied to has
Server
> > updates, this function will not work.
> >
> > Basics of certificate update operation:
> > http://www.tech-faq.com/root-certificate-update.shtml > > (Disabling of the function may cause other problems.)
> >
> > Preventing auto-deletion per user requires that _each user_ add the
> > certificate to the Trusted Root Certificate Authorities repository. If
this
> > is not done, the certificate will auto-delete each time the user logs
out of
> > Internet Explorer.
> >
http://www.thebitguru.com/articles/13-Importing%20a%20Trusted%20Root%2...rtifica > >
> >
> >
> > "GOODAY" <GOODAY.RemoveThis@discussions.microsoft.com> wrote in message
> > news:E07784B4-6435-4188-862E-5B88F1769866@microsoft.com...
> > > Hello,
> > >
> > > I've been unable to find out why the Update Root Certfiicate component
is
> > > auto deleting an auto installed 3rd party root certificate.
> > >
> > > Any help with the following closely related questions would be much
> > > appreciated
> > >
> > > - In what circumstances does URC automatically delete a 3rd party root
> > > certificate?
> > > - Are such automatic deletions specific to Vista?
> > > - Can such deletions be disabled (without disabling URC?)
> > >
> > >
> > > For example, a Vista laptop obtains a certificate on the 2nd of July,
but
> > > the certificate is automatically deleted on the 3rd of July.
> > >
> > > Here's the application event log extract.
> > >
> > > Level Information
> > > Date and Time 02/07/2008 13:50:52
> > > Source Microsoft-Windows-CAPI2
> > > Event ID 1
> > > Task Category None
> > > Description Successful auto update of third-party root
> > certificate::
> > > Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign
nv-sa,
> > C=BE>
> > > Sha1
> > > thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.
> > >
> > >
> > > Level Information
> > > Date and Time 03/07/2008 15:39:07
> > > Source Microsoft-Windows-CAPI2
> > > Event ID 12
> > > Task Category None
> > > Description Successful auto delete of third-party root
> > certificate::
> > > Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa,
C=BE>
> > > Sha1
> > > thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338> "
> > >
> > >
> > >
> >
> >
> >
All times are: Eastern Time (US & Canada) (change)
Page 1 of 1
You can post new topics in this forum You can reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Home
Forums
Home
FAQ
Profile
Private Messages
Log in
Windows Vista