mikey8811 Posted March 29, 2020 Posted March 29, 2020 Hi I have a problem installing KB4014984 (Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017). It will download but not install, even after several reboots. The error is: 0x800B0109 I looked it up and it says: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. I tried downloading the manual installs for this but it would not install either. Running the stand alone installer as an administrator gives the same results with the error being: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider The stand alone installer failure has no error code but rather the full error message as above. I tried resetting Windows Update manually https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-resources But the same error happened too. Some history: I fixed the Checking for Updates situation and then did a Windows Update on 15 Mar. It was able to install the rest of the updates available then. Surprisingly, there were another 8 updates that did not show up then. Thinking the updates were complete on 15 Mar, I then did some of the updates for Server 2008 from Greenhill's repository which I then interrupted. I turned the computer off and it has been off until 27 Mar when these additional updates showed up - they didn't show up before or I would have updated them before I did Greenhill's updates. I do have downloads of all the individual installers from Greenhill's repository including KB4507001 (the July 2019 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2). What can I do to get my Vista PC patched up at least until the Apr 11, 2017 update or an equivalent? Thanks
greenhillmaniac Posted April 6, 2020 Posted April 6, 2020 (edited) That happened to me in Windows 7 when also trying to install recent .NET updates. I think W7 actually received some update about outdated certificates as opposed to Vista. I solved it by importing a MS certificate that Vista and 7 don't ship with. http://download.microsoft.com/download/2/4/8/248D8A62-FCCD-475C-85E7-6ED59520FC0F/MicrosoftRootCertificateAuthority2011.cer Run the following command with Admin rights to install it (replacing the path with the one where you downloaded the certificate) certutil -addstore "Root" "c:\cacert.cer" Edited June 22, 2020 by greenhillmaniac Updated link 3
mikey8811 Posted April 7, 2020 Author Posted April 7, 2020 (edited) Hi @greenhillmaniac Thanks for the reply. I presume by path you mean c:\cacert.cer Where do i find the path where I downloaded the certificate? Or rather where should I "put" the certificate I downloaded? Also, I was of the impression that the error occurred because I had mistakenly installed some of your updates before this which superceded KB4014984 (Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017). As a result an older update did not work. I guess this isn't the case? Thanks Edited April 8, 2020 by mikey8811
greenhillmaniac Posted April 8, 2020 Posted April 8, 2020 13 hours ago, mikey8811 said: I presume by path you mean c:\cacert.cer Where do i find the path where I downloaded the certificate? Or rather where should I "put" the certificate I downloaded? "C:\cacert.cer" is just an example of the path where the certificate could be placed. Choose the one you want. BTW, after running the command the certificate will be in your certificate store, so you can delete the downloaded file after. 13 hours ago, mikey8811 said: Also, I was of the impression that the error occurred because I had mistakenly installed some of your updates before this which superceded KB4014984 (Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017). As a result an older update did not work. If that was the case the update would say that it didn't apply, not that the root certificate is not trusted (I think). 1
mikey8811 Posted April 10, 2020 Author Posted April 10, 2020 (edited) Thanks so much @greenhillmaniac That worked like a dream. I pretty much only use this Vista PC as a backup and run an old version of Firefox on it as there are some webpages I still use which need Java and that doesn't run on later versions. I also seed some torrents that are on a private tracker on it. Which of the updates from your repository should I install just to be as safe as possible given the outdated system? Thanks again. Edited April 10, 2020 by mikey8811
greenhillmaniac Posted April 10, 2020 Posted April 10, 2020 9 hours ago, mikey8811 said: Which of the updates from your repository should I install just to be as safe as possible given the outdated system? The minimum required should be the Servicing Stack update and the Monthly Rollup. Don't forget about the SHA-2 update to install updates newer than September 2019 (though it renders WU useless, since it bumps the build number to 6003). I actually need to update the repository with January's MR (you can just get it from here for now).
erpdude8 Posted June 20, 2020 Posted June 20, 2020 On 4/6/2020 at 6:58 AM, greenhillmaniac said: That happened to me in Windows 7 when also trying to install recent .NET updates. I think W7 actually received some update about outdated certificates as opposed to Vista. I solved it by importing a MS certificate that Vista and 7 don't ship with. https://mega.nz/file/V0YUDaaB#5pxXFo__HTkkK3suk0qQq2WnyMv1Kaf6FXzxJnNhVfw Run the following command with Admin rights to install it (replacing the path with the one where you downloaded the certificate) certutil -addstore "Root" "c:\cacert.cer" this MS Certificate Authority 2011 certificate is still available for download from MS support article 3149737 1
greenhillmaniac Posted June 22, 2020 Posted June 22, 2020 On 6/20/2020 at 4:29 PM, erpdude8 said: this MS Certificate Authority 2011 certificate is still available for download from MS support article 3149737 That's actually where I got it originally! When I made the post I forgot about its origin. Thanks.
lmacri Posted July 1, 2020 Posted July 1, 2020 (edited) On 4/6/2020 at 8:58 AM, greenhillmaniac said: Run the following command with Admin rights to install it (replacing the path with the one where you downloaded the certificate) certutil -addstore "Root" "c:\cacert.cer" Hi greenhillmaniac: If the user saves the MicrosoftRootCertificateAuthority2011.cer certificate file in the root directory of C:\ (i.e., C:\MicrosoftRootCertificateAuthority2011.cer) is the correct syntax of the command certutil -addstore "Root" "C:\MicrosoftRootCertificateAuthority2011.cer" ? Edited July 1, 2020 by lmacri
greenhillmaniac Posted July 2, 2020 Posted July 2, 2020 19 hours ago, lmacri said: Hi greenhillmaniac: If the user saves the MicrosoftRootCertificateAuthority2011.cer certificate file in the root directory of C:\ (i.e., C:\MicrosoftRootCertificateAuthority2011.cer) is the correct syntax of the command certutil -addstore "Root" "C:\MicrosoftRootCertificateAuthority2011.cer" ? Yes, it should work. 1
lmacri Posted July 2, 2020 Posted July 2, 2020 (edited) 58 minutes ago, greenhillmaniac said: Yes, it should work. Thank you for confirming. And just an FYI that I know of several Vista SP2 users performing a clean reinstall of their OS who have reported that your suggestion <here> to apply the MicrosoftRootCertificateAuthority2011.cer certificate file fixed the error 800B0109 ("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider") that Windows Update now throws when it tries to install KB4014984 (Security and Quality Rollup for NET. Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017). I decided to add a footnote to my instructions in the MS Answers thread Updates not working, it has been searching for updates for hours (where I post as user Great White North) in April 2020 and alert users to your solution since this problem installing KB4014984 has become so common. Edited July 2, 2020 by lmacri 1
greenhillmaniac Posted July 2, 2020 Posted July 2, 2020 3 hours ago, lmacri said: I decided to add a footnote to my instructions in the MS Answers thread Updates not working, it has been searching for updates for hours (where I post as user Great White North) in April 2020 and alert users to your solution since this problem installing KB4014984 has become so common. I've also used that post for my own Vista installs! Thanks.
Boss Posted August 3, 2021 Posted August 3, 2021 I am facing a similar problem with Win Vista Starter 32 bit recently. But it does not seem to be connected with the certificate mentioned above and KB4014984 as the steps mentioned above were carried out properly. Event Viewer shows CAPI2 Error -- Event ID 11 -- A method to fix this issue was attempted but it did not solve. As soon as the PC is started within 5 minutes this error starts filling-in in Event Viewer > Windows Log > Applications The error is seen in Event Viewer as-- Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. The link mentioned is working and I was able to download the authrootstl.cab and unzip it to find the authroot (Certificate Trust List). The images are attached. I even right clicked it and it got installed also. This particular certificate is valid till December 2021. In this certificate as it can be seen in the images attached -- The certificate is OK. Also the steps as mentioned in -- https://support.microsoft.com/en-us/topic/3acf0348-0f81-7c79-7029-a7c6c861cdfc were carried out but it did nit solve the problem. Why the error CAPI2 ? Any solution.... please guide. MSFN.zip
abbodi1406 Posted August 9, 2021 Posted August 9, 2021 @Boss based on picture 6, parent "Microsoft Root Certificate Authority 2010" is not properly trusted in your os http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt CertUtil -addstore Root MicRooCerAut_2010-06-23.crt
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now