Jump to content

Certifacte Trust Provider error installing updates


mikey8811

Recommended Posts

Hi

I have a problem installing KB4014984 (Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017). It will download but not install, even after several reboots.

The error is:

0x800B0109

I looked it up and it says:

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

I tried downloading the manual installs for this but it would not install either.

Running the stand alone installer as an administrator gives the same results with the error being:

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

The stand alone installer failure has no error code but rather the full error message as above.

I tried resetting Windows Update manually

https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-resources

But the same error happened too.

Some history: I fixed the Checking for Updates situation and then did a Windows Update on 15 Mar. It was able to install the rest of the updates available then. Surprisingly, there were another 8 updates that did not show up then.

Thinking the updates were complete on 15 Mar, I then did some of the updates for Server 2008 from Greenhill's repository which I then interrupted.

I turned the computer off and it has been off until 27 Mar when these additional updates showed up - they didn't show up before or I would have updated them before I did Greenhill's updates.

I do have downloads of all the individual installers from Greenhill's repository including KB4507001 (the July 2019 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2).

What can I do to get my Vista PC patched up at least until the Apr 11, 2017 update or an equivalent?

Thanks

Link to comment
Share on other sites


That happened to me in Windows 7 when also trying to install recent .NET updates. I think W7 actually received some update about outdated certificates as opposed to Vista. I solved it by importing a MS certificate that Vista and 7 don't ship with.

http://download.microsoft.com/download/2/4/8/248D8A62-FCCD-475C-85E7-6ED59520FC0F/MicrosoftRootCertificateAuthority2011.cer

Run the following command with Admin rights to install it (replacing the path with the one where you downloaded the certificate)

certutil -addstore "Root" "c:\cacert.cer"

 

Edited by greenhillmaniac
Updated link
Link to comment
Share on other sites

Hi @greenhillmaniac

Thanks for the reply.

I presume by path you mean

c:\cacert.cer

Where do i find the path where I downloaded the certificate? Or rather where should I "put" the certificate I downloaded?

Also, I was of the impression that the error occurred because I had mistakenly installed some of your updates before this which superceded KB4014984 (Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017). As a result an older update did not work.

I guess this isn't the case?

Thanks

Edited by mikey8811
Link to comment
Share on other sites

13 hours ago, mikey8811 said:

I presume by path you mean

c:\cacert.cer

Where do i find the path where I downloaded the certificate? Or rather where should I "put" the certificate I downloaded?

"C:\cacert.cer" is just an example of the path where the certificate could be placed. Choose the one you want.
BTW, after running the command the certificate will be in your certificate store, so you can delete the downloaded file after.

13 hours ago, mikey8811 said:

Also, I was of the impression that the error occurred because I had mistakenly installed some of your updates before this which superceded KB4014984 (Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017). As a result an older update did not work.

If that was the case the update would say that it didn't apply, not that the root certificate is not trusted (I think).

Link to comment
Share on other sites

Thanks so much @greenhillmaniac

That worked like a dream.

I pretty much only use this Vista PC as a backup and run an old version of Firefox on it as there are some webpages I still use which need Java and that doesn't run on later versions. I also seed some torrents that are on a private tracker on it.

Which of the updates from your repository should I install just to be as safe as possible given the outdated system?

Thanks again.

Edited by mikey8811
Link to comment
Share on other sites

9 hours ago, mikey8811 said:

Which of the updates from your repository should I install just to be as safe as possible given the outdated system?

The minimum required should be the Servicing Stack update and the Monthly Rollup. Don't forget about the SHA-2 update to install updates newer than September 2019 (though it renders WU useless, since it bumps the build number to 6003).

I actually need to update the repository with January's MR (you can just get it from here for now).

Link to comment
Share on other sites

  • 2 months later...
On 4/6/2020 at 6:58 AM, greenhillmaniac said:

That happened to me in Windows 7 when also trying to install recent .NET updates. I think W7 actually received some update about outdated certificates as opposed to Vista. I solved it by importing a MS certificate that Vista and 7 don't ship with.

https://mega.nz/file/V0YUDaaB#5pxXFo__HTkkK3suk0qQq2WnyMv1Kaf6FXzxJnNhVfw

Run the following command with Admin rights to install it (replacing the path with the one where you downloaded the certificate)


certutil -addstore "Root" "c:\cacert.cer"

 

this MS Certificate Authority 2011 certificate is still available for download from MS support article 3149737

 

 

Link to comment
Share on other sites

  • 2 weeks later...
On 4/6/2020 at 8:58 AM, greenhillmaniac said:

Run the following command with Admin rights to install it (replacing the path with the one where you downloaded the certificate)


certutil -addstore "Root" "c:\cacert.cer"

 

Hi greenhillmaniac:

If the user saves the MicrosoftRootCertificateAuthority2011.cer certificate file in the root directory of C:\ (i.e., C:\MicrosoftRootCertificateAuthority2011.cer) is the correct syntax of the command certutil -addstore "Root" "C:\MicrosoftRootCertificateAuthority2011.cer" ?

Edited by lmacri
Link to comment
Share on other sites

19 hours ago, lmacri said:

Hi greenhillmaniac:

If the user saves the MicrosoftRootCertificateAuthority2011.cer certificate file in the root directory of C:\ (i.e., C:\MicrosoftRootCertificateAuthority2011.cer) is the correct syntax of the command certutil -addstore "Root" "C:\MicrosoftRootCertificateAuthority2011.cer" ?

Yes, it should work.

Link to comment
Share on other sites

58 minutes ago, greenhillmaniac said:

Yes, it should work.

Thank you for confirming.

And just an FYI that I know of several Vista  SP2 users performing a clean reinstall of their OS who have reported that your suggestion <here> to apply the MicrosoftRootCertificateAuthority2011.cer certificate file fixed the error 800B0109 ("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider") that Windows Update now throws when it tries to install KB4014984 (Security and Quality Rollup for NET. Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Vista SP2 and Server 2008 SP2: April 11, 2017).  I decided to add a footnote to my instructions in the MS Answers thread Updates not working, it has been searching for updates for hours (where I post as user Great White North) in April 2020 and alert users to your solution since this problem installing KB4014984 has become so common.

Edited by lmacri
Link to comment
Share on other sites

3 hours ago, lmacri said:

I decided to add a footnote to my instructions in the MS Answers thread Updates not working, it has been searching for updates for hours (where I post as user Great White North) in April 2020 and alert users to your solution since this problem installing KB4014984 has become so common.

I've also used that post for my own Vista installs! Thanks.

Link to comment
Share on other sites

  • 1 year later...

I am facing a similar problem with Win Vista Starter 32 bit recently. But it does not seem to be connected with the certificate mentioned above and KB4014984 as the steps mentioned above were carried out properly. Event Viewer shows CAPI2 Error -- Event ID 11 -- A method to fix this issue was attempted but it did not solve. As soon as the PC is started within 5 minutes this error starts filling-in in Event Viewer > Windows Log > Applications

The error is seen in Event Viewer as--  Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

The link mentioned is working and I was able to download the authrootstl.cab and unzip it to find the authroot (Certificate Trust List). The images are attached.

I even right clicked it and it got installed also. This particular certificate is valid till December 2021. In this certificate as it can be seen in the images attached -- The certificate is OK.

Also the steps as mentioned in -- https://support.microsoft.com/en-us/topic/3acf0348-0f81-7c79-7029-a7c6c861cdfc

were carried out but it did nit solve the problem.  Why the error CAPI2 ? Any solution.... please guide.

MSFN.zip

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...