# Solved: CAPI2 Error, Event IDs 4107, 41, and 11



## ralfy (Aug 2, 2010)

I noted Event ID 4107 in the events log periodically, and not just for one PC but for four, the three using different hardware, another ISP, and other programs installed but the same OS: Win 7 Home Premium 64-bit.

The details for Event ID 4107 are:

```xml
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
    <EventID Qualifiers="0">4107</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-05T14:05:35.276367100Z" />
    <EventRecordID>35951</EventRecordID>
    <Correlation />
    <Execution ProcessID="1256" ThreadID="724" />
    <Channel>Application</Channel>
    <Computer>Ralf-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab</Data>
    <Data>A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</Data>
  </EventData>
</Event>
```

When CAPI2 logged, these two events appear:

Event ID 41

```xml
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    <EventID>41</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>41</Task>
    <Opcode>2</Opcode>
    <Keywords>0x4000000000000005</Keywords>
    <TimeCreated SystemTime="2010-08-03T16:06:39.848632800Z" />
    <EventRecordID>520397</EventRecordID>
    <Correlation />
    <Execution ProcessID="1992" ThreadID="4264" />
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    <Computer>Ralf-PC</Computer>
    <Security UserID="S-1-5-21-144745434-3117752395-3347988403-1000" />
  </System>
  <UserData>
    <CertVerifyRevocation>
      <Certificate fileRef="7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer" subjectName="Microsoft Time-Stamp Service" />
      <IssuerCertificate fileRef="375FCB825C3DC3752A02E34EB70993B4997191EF.cer" subjectName="Microsoft Time-Stamp PCA" />
      <Flags value="6" CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION="true" CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG="true" />
      <AdditionalParameters timeToUse="2009-07-14T03:01:05Z" currentTime="2010-08-03T16:06:39.833Z" urlRetrievalTimeout="PT20S" />
      <RevocationStatus index="0" error="80092013" reason="0" />
      <EventAuxInfo ProcessName="consent.exe" impersonateToken="S-1-5-21-144745434-3117752395-3347988403-1000" />
      <CorrelationAuxInfo TaskId="{1DEDDADF-26EC-40C5-81BC-C6F0FA87DF56}" SeqNumber="16" />
      <Result value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</Result>
    </CertVerifyRevocation>
  </UserData>
</Event>
```

Followed by Event ID 11:

```xml
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    <EventID>11</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>11</Task>
    <Opcode>2</Opcode>
    <Keywords>0x4000000000000003</Keywords>
    <TimeCreated SystemTime="2010-08-03T16:06:39.848632800Z" />
    <EventRecordID>520398</EventRecordID>
    <Correlation />
    <Execution ProcessID="1992" ThreadID="4264" />
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    <Computer>Ralf-PC</Computer>
    <Security UserID="S-1-5-21-144745434-3117752395-3347988403-1000" />
  </System>
  <UserData>
    <CertGetCertificateChain>
      <Certificate fileRef="7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer" subjectName="Microsoft Time-Stamp Service" />
      <ValidationTime>2009-07-14T03:01:05Z</ValidationTime>
      <AdditionalStore>
        <Certificate fileRef="5DF0D7571B0780783960C68B78571FFD7EDAF021.cer" subjectName="Microsoft Windows Verification PCA" />
        <Certificate fileRef="375FCB825C3DC3752A02E34EB70993B4997191EF.cer" subjectName="Microsoft Time-Stamp PCA" />
        <Certificate fileRef="018B222E21FBB2952304D04D1D87F736ED46DEA4.cer" subjectName="Microsoft Windows" />
        <Certificate fileRef="7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer" subjectName="Microsoft Time-Stamp Service" />
      </AdditionalStore>
      <ExtendedKeyUsage>
        <Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
      </ExtendedKeyUsage>
      <Flags value="C8000005" CERT_CHAIN_CACHE_END_CERT="true" CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL="true" CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT="true" CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY="true" CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT="true" />
      <ChainEngineInfo context="user" />
      <CertificateChain chainRef="{94E241CB-8C9B-4010-8ABB-D178548E3C72}">
        <TrustStatus>
          <ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
          <InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
        </TrustStatus>
        <ChainElement>
          <Certificate fileRef="7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42.cer" subjectName="Microsoft Time-Stamp Service" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" />
          <TrustStatus>
            <ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
            <InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage>
            <Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
          </ApplicationUsage>
          <IssuanceUsage />
          <RevocationInfo>
            <RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
          </RevocationInfo>
        </ChainElement>
        <ChainElement>
          <Certificate fileRef="375FCB825C3DC3752A02E34EB70993B4997191EF.cer" subjectName="Microsoft Time-Stamp PCA" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" />
          <TrustStatus>
            <ErrorStatus value="0" />
            <InfoStatus value="101" CERT_TRUST_HAS_EXACT_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage>
            <Usage oid="1.3.6.1.5.5.7.3.8" name="Time Stamping" />
          </ApplicationUsage>
          <IssuanceUsage />
          <RevocationInfo freshnessTime="P77DT16H38M56S">
            <RevocationResult value="0" />
            <CertificateRevocationList location="TvoCache" url="http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl" fileRef="6CC49C402F7C2A28CCF67F6DC1AFB9E5D79CDE10.crl" issuerName="Microsoft Root Certificate Authority" />
          </RevocationInfo>
        </ChainElement>
        <ChainElement>
          <Certificate fileRef="CDD4EEAE6000AC7F40C3802C171E30148030C072.cer" subjectName="Microsoft Root Certificate Authority" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="4096" />
          <TrustStatus>
            <ErrorStatus value="0" />
            <InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage any="true" />
          <IssuanceUsage any="true" />
        </ChainElement>
      </CertificateChain>
      <EventAuxInfo ProcessName="consent.exe" impersonateToken="S-1-5-21-144745434-3117752395-3347988403-1000" />
      <CorrelationAuxInfo TaskId="{1DEDDADF-26EC-40C5-81BC-C6F0FA87DF56}" SeqNumber="17" />
      <Result value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</Result>
    </CertGetCertificateChain>
  </UserData>
</Event>
```

I tried various solutions found in other forums but the problem remains. I'm guessing that it's something that will be fixed given an update, but I don't see the error in a fourth machine (a Dell notebook connected to the same ISP as the first PC and using the same OS).

Finally, the consent.exe file looks right in terms of file size and signatures, and all PCs were scanned for malware, but one of the certificates in the file, Microsoft Windows Verification PCA, is valid until 1/23/2010.

What is going on here, and is the certificate just mentioned still valid?


----------
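An added example, not part of the original posts: a small triage routine for an exported CAPI2 Event ID 11 record that reports which chain element carries the error and whether revocation was checked from cache only (in which case "offline" means no cached revocation data was usable). The sample XML is constructed from the event above and trimmed; the function names and report layout are assumptions of this example.

```python
import xml.etree.ElementTree as ET

HRESULTS = {"80092013": "CRYPT_E_REVOCATION_OFFLINE", "0": "no error"}  # wincrypt.h name

# Constructed sample: Event ID 11 from the post, trimmed to the fields read below.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>11</EventID></System>
<UserData><CertGetCertificateChain>
<Flags value="C8000005" CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY="true" />
<CertificateChain>
<ChainElement><Certificate subjectName="Microsoft Time-Stamp Service" />
<TrustStatus><ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true"
 CERT_TRUST_IS_OFFLINE_REVOCATION="true" /></TrustStatus>
<RevocationInfo><RevocationResult value="80092013" /></RevocationInfo></ChainElement>
<ChainElement><Certificate subjectName="Microsoft Time-Stamp PCA" />
<TrustStatus><ErrorStatus value="0" /></TrustStatus>
<RevocationInfo><RevocationResult value="0" /></RevocationInfo></ChainElement>
<ChainElement><Certificate subjectName="Microsoft Root Certificate Authority" />
<TrustStatus><ErrorStatus value="0" /></TrustStatus></ChainElement>
</CertificateChain>
<EventAuxInfo ProcessName="consent.exe" />
</CertGetCertificateChain></UserData></Event>"""

def _all(node, name):
    """Descendants with this local name, ignoring XML namespaces."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _attr(node, name, attr):
    """Attribute of the first matching descendant, or None if absent."""
    found = _all(node, name)
    return found[0].get(attr) if found else None

def triage_chain_event(xml_text):
    """Summarise a CAPI2 chain-building event: which element failed, and how."""
    root = ET.fromstring(xml_text)
    elements = []
    for el in _all(root, "ChainElement"):
        status = _all(el, "ErrorStatus")
        result = _attr(el, "RevocationResult", "value")  # None: no result logged (root)
        elements.append({
            "subject": _attr(el, "Certificate", "subjectName"),
            "errors": sorted(k for s in status for k, v in s.items() if k != "value" and v == "true"),
            "revocation": HRESULTS.get(result, result),
        })
    return {
        "process": _attr(root, "EventAuxInfo", "ProcessName"),
        "cache_only": _attr(root, "Flags", "CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY") == "true",
        "failed": [e["subject"] for e in elements if e["errors"]],
        "elements": elements,
    }
```

On the sample, only the end-entity "Microsoft Time-Stamp Service" element is flagged; the PCA and root elements report no error.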



## ralfy (Aug 2, 2010)

I followed the suggestions given in this page to solve the problem:

http://msmvps.com/blogs/bradley/archive/2010/09/02/capi2-errors-driving-you-crazy.aspx

After deleting the cached certs in the directories indicated, I followed instructions given in this page:

http://support.microsoft.com/default.aspx?scid=kb;en-us;2328240


----------

