Event ID 12 "Successful auto delete of third-party root certificat

Posted: 07-16-2008, 09:24 AM
Hello,

I've been unable to find out why the Update Root Certfiicate component is
auto deleting an auto installed 3rd party root certificate.

Any help with the following closely related questions would be much
appreciated

- In what circumstances does URC automatically delete a 3rd party root
certificate?
- Are such automatic deletions specific to Vista?
- Can such deletions be disabled (without disabling URC?)


For example, a Vista laptop obtains a certificate on the 2nd of July, but
the certificate is automatically deleted on the 3rd of July.

Here's the application event log extract.

Level Information
Date and Time 02/07/2008 13:50:52
Source Microsoft-Windows-CAPI2
Event ID 1
Task Category None
Description Successful auto update of third-party root certificate::
Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
Sha1
thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.


Level Information
Date and Time 03/07/2008 15:39:07
Source Microsoft-Windows-CAPI2
Event ID 12
Task Category None
Description Successful auto delete of third-party root certificate::
Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
Sha1
thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338> “



Event ID 12 "Successful auto delete of third-party root certificat


Responses to "Event ID 12 "Successful auto delete of third-party root certificat"

Mark H
Guest
Posts: n/a
 
Re: Event ID 12 "Successful auto delete of third-party root certificat
Posted: 07-16-2008, 12:17 PM
Some clarity is needed:
The first assumption being made is that you are using Vista.
(Event ID 12 is different in the various versions of windows.)

In Vista, Event ID12 is the following...
The device device_name disappeared from the system without first being
prepared for removal.
(A hot detach of a removable device.)

Example: http://support.microsoft.com/kb/945926


Back to 3rd party root certificates auto-deleting...
Are you attempting to program the effect in your application, or disable the
effect on your machine?
CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE
Setting this flag inhibits the auto update of third-party roots from the
Windows Update Web Server.
Note: Unless the comuputer this certifcate is being applied to has Server
updates, this function will not work.

Basics of certificate update operation:
http://www.tech-faq.com/root-certificate-update.shtml
(Disabling of the function may cause other problems.)

Preventing auto-deletion per user requires that _each user_ add the
certificate to the Trusted Root Certificate Authorities repository. If this
is not done, the certificate will auto-delete each time the user logs out of
Internet Explorer.
http://www.thebitguru.com/articles/1...indows%20Vista



"GOODAY" <GOODAY@discussions.microsoft.com> wrote in message
news:E07784B4-6435-4188-862E-5B88F1769866@microsoft.com...
> Hello,
>
> I've been unable to find out why the Update Root Certfiicate component is
> auto deleting an auto installed 3rd party root certificate.
>
> Any help with the following closely related questions would be much
> appreciated
>
> - In what circumstances does URC automatically delete a 3rd party root
> certificate?
> - Are such automatic deletions specific to Vista?
> - Can such deletions be disabled (without disabling URC?)
>
>
> For example, a Vista laptop obtains a certificate on the 2nd of July, but
> the certificate is automatically deleted on the 3rd of July.
>
> Here's the application event log extract.
>
> Level Information
> Date and Time 02/07/2008 13:50:52
> Source Microsoft-Windows-CAPI2
> Event ID 1
> Task Category None
> Description Successful auto update of third-party root
certificate::
> Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa,
C=BE>
> Sha1
> thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.
>
>
> Level Information
> Date and Time 03/07/2008 15:39:07
> Source Microsoft-Windows-CAPI2
> Event ID 12
> Task Category None
> Description Successful auto delete of third-party root
certificate::
> Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
> Sha1
> thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338> "
>
>
>

GOODAY
Guest
Posts: n/a
 
Re: Event ID 12 "Successful auto delete of third-party root certif
Posted: 07-16-2008, 12:45 PM
Hello Mark,

Many thanks for your reply.

As indicated in the original post, the example event log was from Vista and
the event log export is exactly as shown, so event ID 12, when viewing the
application log at least, is a the certificate auto delete.

The questions were

Q - In what circumstances does URC automatically delete a 3rd party root
certificate?

A - If I understand your reply correctly, the certificate will be deleted in
all instances
when a user exits Internet Explorer (please confirm)

Q - Are such automatic deletions specific to Vista?
A- ?

Q - Can such deletions be disabled (without disabling URC?)
A - No, user must add manually to the Trusted Root Certificate Authorities
repository
or else disable the Update Root Certificate Component (please confirm)

Many thanks,

Andrew



"Mark H" wrote:
> Some clarity is needed:
> The first assumption being made is that you are using Vista.
> (Event ID 12 is different in the various versions of windows.)
>
> In Vista, Event ID12 is the following...
> The device device_name disappeared from the system without first being
> prepared for removal.
> (A hot detach of a removable device.)
>
> Example: http://support.microsoft.com/kb/945926
>
>
> Back to 3rd party root certificates auto-deleting...
> Are you attempting to program the effect in your application, or disable the
> effect on your machine?
> CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE
> Setting this flag inhibits the auto update of third-party roots from the
> Windows Update Web Server.
> Note: Unless the comuputer this certifcate is being applied to has Server
> updates, this function will not work.
>
> Basics of certificate update operation:
> http://www.tech-faq.com/root-certificate-update.shtml
> (Disabling of the function may cause other problems.)
>
> Preventing auto-deletion per user requires that _each user_ add the
> certificate to the Trusted Root Certificate Authorities repository. If this
> is not done, the certificate will auto-delete each time the user logs out of
> Internet Explorer.
> http://www.thebitguru.com/articles/1...indows%20Vista
>
>
>
> "GOODAY" <GOODAY@discussions.microsoft.com> wrote in message
> news:E07784B4-6435-4188-862E-5B88F1769866@microsoft.com...
> > Hello,
> >
> > I've been unable to find out why the Update Root Certfiicate component is
> > auto deleting an auto installed 3rd party root certificate.
> >
> > Any help with the following closely related questions would be much
> > appreciated
> >
> > - In what circumstances does URC automatically delete a 3rd party root
> > certificate?
> > - Are such automatic deletions specific to Vista?
> > - Can such deletions be disabled (without disabling URC?)
> >
> >
> > For example, a Vista laptop obtains a certificate on the 2nd of July, but
> > the certificate is automatically deleted on the 3rd of July.
> >
> > Here's the application event log extract.
> >
> > Level Information
> > Date and Time 02/07/2008 13:50:52
> > Source Microsoft-Windows-CAPI2
> > Event ID 1
> > Task Category None
> > Description Successful auto update of third-party root
> certificate::
> > Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa,
> C=BE>
> > Sha1
> > thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.
> >
> >
> > Level Information
> > Date and Time 03/07/2008 15:39:07
> > Source Microsoft-Windows-CAPI2
> > Event ID 12
> > Task Category None
> > Description Successful auto delete of third-party root
> certificate::
> > Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
> > Sha1
> > thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338> "
> >
> >
> >
>
>
>
Mark H
Guest
Posts: n/a
 
Re: Event ID 12 "Successful auto delete of third-party root certif
Posted: 07-16-2008, 01:44 PM
See in-line.

"GOODAY" <GOODAY@discussions.microsoft.com> wrote in message
news:4E2F0BAA-5CFD-4062-AA1A-26BF5C11056B@microsoft.com...
> Hello Mark,
>
> Many thanks for your reply.
>
> As indicated in the original post, the example event log was from Vista
and
> the event log export is exactly as shown, so event ID 12, when viewing the
> application log at least, is a the certificate auto delete.
>
I have no doubt that you gave the proper information. Just pointing out the
MS doesn't associate the two.
> The questions were
>
> Q - In what circumstances does URC automatically delete a 3rd party root
> certificate?
>
> A - If I understand your reply correctly, the certificate will be deleted
in
> all instances
> when a user exits Internet Explorer (please confirm)
This is my understanding, but response differs depending upon UAC and IE 7
Protected mode setup.
Additionally, some server updates to computers allow 3rd party certificates
to survive when the flag discussed is set to false, .NET is
disabled/uninstalled, URC is uninstalled, or the certificate is added to
the Trusted repository by the user (which requires Admin rights.) This
process can be automated within installation files, but not directly from
the web without additional UAC interaction. Automated files would require
manifests designating elevated access.
>
> Q - Are such automatic deletions specific to Vista?
> A- I believe this is true, but recent changes to XP / IE7 may include the
same functionality? I'm not sure where the UAC/Protected mode boundary
breaks this function as I have not tested it. It is discussed as being
applicable to XP SP2 in the following presentation:
http://msevents.microsoft.com/CUI/We...CountryCode=US
>
> Q - Can such deletions be disabled (without disabling URC?)
> A - No, user must add manually to the Trusted Root Certificate
Authorities
> repository
> or else disable the Update Root Certificate Component (please
confirm)

Again, my understanding. Note: User addtion to TRCA requires Admin rights
(UAC approval)
MSDN/TechNet has a rather lengthy white-paper on this, but I was unable to
find it again.
Disabling URC is again a UAC level function accomplished either in Group
Policies or by uninstallation. Several Google hits indicate that URC
re-installs itself, meaning a stronger understanding is needed here on how
to permanently disable it.

Since I do not understand the exact situation/need, here are some additional
references:

Advanced Certificate Enrollment and Management:
http://www.microsoft.com/technet/pro...y/advcert.mspx

Active Directory Certificate Server Enhancements
http://www.microsoft.com/downloads/d...displaylang=en

While these point to Windows 2003 Server and XP applicability, they are
strongly crossed over into Vista.

So, in the end, I only half-answered your questions.
>
> Many thanks,
>
> Andrew
>
>
>
> "Mark H" wrote:
>
> > Some clarity is needed:
> > The first assumption being made is that you are using Vista.
> > (Event ID 12 is different in the various versions of windows.)
> >
> > In Vista, Event ID12 is the following...
> > The device device_name disappeared from the system without first being
> > prepared for removal.
> > (A hot detach of a removable device.)
> >
> > Example: http://support.microsoft.com/kb/945926
> >
> >
> > Back to 3rd party root certificates auto-deleting...
> > Are you attempting to program the effect in your application, or disable
the
> > effect on your machine?
> > CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE
> > Setting this flag inhibits the auto update of third-party roots from
the
> > Windows Update Web Server.
> > Note: Unless the comuputer this certifcate is being applied to has
Server
> > updates, this function will not work.
> >
> > Basics of certificate update operation:
> > http://www.tech-faq.com/root-certificate-update.shtml
> > (Disabling of the function may cause other problems.)
> >
> > Preventing auto-deletion per user requires that _each user_ add the
> > certificate to the Trusted Root Certificate Authorities repository. If
this
> > is not done, the certificate will auto-delete each time the user logs
out of
> > Internet Explorer.
> >
http://www.thebitguru.com/articles/1...indows%20Vista
> >
> >
> >
> > "GOODAY" <GOODAY@discussions.microsoft.com> wrote in message
> > news:E07784B4-6435-4188-862E-5B88F1769866@microsoft.com...
> > > Hello,
> > >
> > > I've been unable to find out why the Update Root Certfiicate component
is
> > > auto deleting an auto installed 3rd party root certificate.
> > >
> > > Any help with the following closely related questions would be much
> > > appreciated
> > >
> > > - In what circumstances does URC automatically delete a 3rd party root
> > > certificate?
> > > - Are such automatic deletions specific to Vista?
> > > - Can such deletions be disabled (without disabling URC?)
> > >
> > >
> > > For example, a Vista laptop obtains a certificate on the 2nd of July,
but
> > > the certificate is automatically deleted on the 3rd of July.
> > >
> > > Here's the application event log extract.
> > >
> > > Level Information
> > > Date and Time 02/07/2008 13:50:52
> > > Source Microsoft-Windows-CAPI2
> > > Event ID 1
> > > Task Category None
> > > Description Successful auto update of third-party root
> > certificate::
> > > Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign
nv-sa,
> > C=BE>
> > > Sha1
> > > thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.
> > >
> > >
> > > Level Information
> > > Date and Time 03/07/2008 15:39:07
> > > Source Microsoft-Windows-CAPI2
> > > Event ID 12
> > > Task Category None
> > > Description Successful auto delete of third-party root
> > certificate::
> > > Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa,
C=BE>
> > > Sha1
> > > thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338> "
> > >
> > >
> > >
> >
> >
> >

 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
No errors but receive "Installation was not successful" Npham Windows Vista Install & Setup 3 02-21-2007 04:17 PM
"root\cimv2" works but "root\wmi" doesnt? Mark Williams Windows XP WMI 0 12-18-2006 02:15 PM
Constant "Event System" warning showing in Event/Application Viewer Jimmy Windows XP Performance & Maintenance 2 11-02-2003 04:11 PM
Fixing root problem generating these event messages Kent Windows XP Setup 0 08-08-2003 03:50 PM
Successful fax, yet error 32016 in event viewer Groundhog Windows XP Printers / Scanners / Fax 3 07-06-2003 01:42 AM