Event ID: 11 Source: crypt32

Description
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: 0x800b0101.
Comments
 
In an environment with a proxy, you need to run the command:

proxycfg -p proxy:80 "<local>"

Change "proxy" to your proxy name and change the port accordingly. This solved it for me.
The 0x800B0101 error means CERT_E_EXPIRED or "This certificate trust list is not valid. The certificate that signed the list is not valid."

From a post from a MS engineer: "It appears that your system is attempting to download an expired update of the trusted root authorities. If your applications using SSL are working ok this is not a problem and will likely be a transient issue."

From a newsgroup post: "I have managed to solve this error by downloading the authrootstl.cab manually and installing the certificate manually too. I have not seen the error event anymore since then. I also replaced the crypt32.dll just to be on the safe side."

Analyzing the Update.log and iuhist.xml files may provide additional information on why this error occurred.

* * *

According to Microsoft, you should check permissions on the temporary directory where the cabinet file is downloaded:
- Navigate to the temporary directory on the local computer. By default, the temporary directory is located at %userprofile%\AppData\Local\Temp.
- Right-click the temporary directory, and then click Properties.
- Click the Security tab.
- Ensure that the user account logged on to the computer has Full Control permissions.

You can verify that the Automatic Root Certificates Update component is working properly by using a Web browser to open a Web site that requires the Automatic Root Certificates Update component. When you open this Web site, a new root certificate is downloaded from the Microsoft Windows Update Web site. If the certificate is downloaded successfully, Event ID 1 in the Microsoft-Windows-CAPI2 event source will be written to the event log.
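
The same checks as a script (an added example, not part of the original comments or Microsoft's guidance). It assumes Windows Vista or later, where these events are logged to the Application log by the Microsoft-Windows-CAPI2 provider; the 7-day window and the output property names are illustrative choices.

```powershell
# Added example: scripted version of the manual temp-directory and event-log checks.
$temp = $env:TEMP
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# SIDs that apply to this logon: the user plus every group in the token.
$sids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

# 1. Is there an Allow ACE for one of our SIDs granting Full Control on the
#    temp directory? (Deny ACEs are not evaluated here; review them by hand.)
$acl   = Get-Acl -Path $temp
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$hasFullControl = $false
foreach ($r in $rules) {
    if ($r.AccessControlType -eq 'Allow' -and
        $sids -contains $r.IdentityReference.Value -and
        ($r.FileSystemRights -band $full) -eq $full) {
        $hasFullControl = $true
    }
}

# 2. Recent failures (Event ID 11) and successful root downloads (Event ID 1).
$since  = (Get-Date).AddDays(-7)
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CAPI2'
    Id           = 1, 11
    StartTime    = $since
} -ErrorAction SilentlyContinue)

$failures  = @($events | Where-Object { $_.Id -eq 11 })
$successes = @($events | Where-Object { $_.Id -eq 1 })

# 3. Report. The system time is included because a wrong clock makes
#    certificates appear expired, which matches error 0x800b0101.
[pscustomobject]@{
    TempDirectory   = $temp
    HasFullControl  = $hasFullControl
    SystemTimeUtc   = (Get-Date).ToUniversalTime()
    Event11Failures = $failures.Count
    Event1Successes = $successes.Count
    LastFailure     = ($failures | Select-Object -First 1).TimeCreated
    LastSuccess     = ($successes | Select-Object -First 1).TimeCreated
}
```

A `LastSuccess` that is later than `LastFailure` indicates the root list download has recovered.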

* * *

Error: The directory name is invalid. - A Microsoft support engineer considered that this is caused by a revoked certificate and recommended ME329433 for a hotfix.
I had this problem and in my case the system time was wrong, it was 2080 not 2003, so the certificates were no longer valid. I don't know who or how the system time was changed, but I saw w32time event IDs in the event log as well.
