Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: 0x800b0101.
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is the third-party root list?
What is a cab?
In an enviroment with proxy you need to run the command:
proxycfg -p proxy:80 "<local>"
Change "proxy" to your proxy name and change the port accordingly. This solved it for me.
The 0x800B0101 error means CERT_E_EXPIRED or "This certificate trust list is not valid. The certificate that signed the list is not valid."
From a post from a MS engineer: "It appears that your system is attempting to download an expired update of the the trusted root authorities. If your applications using SSL are working ok this is not a problem and will likely be a transient issue."
From a newsgroup post: "I have manage to solve the this error by downloading the authrootstl.cab manually and installed the certifcate manually too. I have not seen the error event anymore since then. I also replaced the crypt32.dll just to be on the safe side."
Analyzing the Update.log and iuhist.xml files may provide additional information on why this error occured
* * *
According to Microsoft you should check permissions on the temporary directory where the cabinet files is downloaded:
- Navigate to the temporary directory on the local computer. By default, the temporary directory is located at %userprofile%\AppData\Local\Temp.
- Right-click the temporary directory, and then click Properties.
- Click the Security tab.
- Ensure that the user account logged on to the computer has Full Control permissions.
You can verify that the Automatic Root Certificates Update component is working properly by using a Web browser to open a Web site that requires the Automatic Root Certificates Update component. When you open this Web site, a new root certificate is downloaded from the Microsoft Windows Update Web site. If the certificate is downloaded successfully, Event ID 1 in the Microsoft-Windows-CAPI2 event source will be written to the event log.
* * *
Error: The directory name is invalid. - A Microsoft support engineer considered that this is caused by a revoked certificate and recommended ME329433 for a hotfix.
I had this problem and in my the system time was wrong, it was 2080 not 2003 so the certificates where no longer valid. I don't know who or how the system time was changed, but I saw w32time event id's in the event log as well.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated