Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 11 Source: Microsoft-Windows-CAPI2

Description A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Based on my research the issue can be caused by corrupted certificate data on the server. I suggest you try the following steps to test the issue:

1. Backup and delete the contents of the following folders:


2. Backup and delete the certificates listed under "Certificates" key:


Then restart the server to check the result.
As per ME976235, this issue may be caused by conflicts with antivirus and other security programs or if your currently logged on user account does not have sufficient permissions to write to the temporary (Temp) folder. The article provides a workaround.
As per T734018, The automatic Root Certificates Update component downloads a cabinet (.cab) file to the temporary directory on the local computer, extracts the contents of the file, and then updates the root certificate list. The correct permissions must be applied to the temporary directory in order for the cabinet file to install correctly. This event may be recorded if the permissions for this temporary directory are not right. See the article for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.