Event ID: 4107 Source: Microsoft-Windows-CAPI2

Level
Description
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: <error description>
Comments
 
Error: "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." - According to ME2328240, this error occurs because the certificate "Microsoft Certificate Trust List Publisher" expired. See the article on how to clear the expired certificate from the cache.
Error: "The data is invalid." - From a support forum: "I have found the source of my error. It ended up being McAfee. To determine the cause of the CAPI2 error, I enabled CAPI2 logging in the event log. You can do this by going to Applications and Services Logs\Microsoft\Windows\CAPI2\Operational in the event viewer. Choose operational and enable logging.
I noticed my error occurred every time I rebooted, so I rebooted the server and checked that event log by navigating to Applications and Services Logs\Microsoft\Windows\CAPI2\Operational. One of the log items indicated an error and mentioned a McAfee exe. I removed McAfee and rebooted. The error is gone."
One can use the same methodology to determine the root cause of the CAPI2 errors (by enabling logging).
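The logging approach described in the comment above, as an added PowerShell example that is not part of the original comments: it enables the CAPI2 operational channel, then lists the error events together with the process that made the failing call. The `EventAuxInfo`/`ProcessName` and `Result` element names are assumptions about the CAPI2 event XML layout; confirm them against the XML view of one event on your system.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$logName = 'Microsoft-Windows-CAPI2/Operational'

# Step 1: enable the channel (same effect as "Enable Log" in Event Viewer).
# The log is verbose, so raise its size cap to keep a reboot from overwriting
# the events of interest. 64 MB is an arbitrary value chosen for this example.
wevtutil.exe sl $logName /e:true
wevtutil.exe sl $logName /ms:67108864

# Step 2: reproduce the problem (for example, reboot if event 4107 appears
# at startup), then run the rest of this script.

# Step 3: pull the error-level events (Level 2 = Error) from the channel.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Level = 2 } `
                       -MaxEvents 200 -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    # Assumption: the calling process is recorded in an EventAuxInfo element
    # and the failure text in a Result element inside the event's UserData.
    $aux = $xml.SelectSingleNode("//*[local-name()='EventAuxInfo']")
    $res = $xml.SelectSingleNode("//*[local-name()='Result']")
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Process     = if ($aux) { $aux.GetAttribute('ProcessName') } else { '' }
        Result      = if ($res) { $res.InnerText.Trim() } else { '' }
    }
}

# Step 4: see which processes account for the failures, then read the details.
$report | Group-Object Process | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$report | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap

# Step 5: turn the channel off again once the cause is identified.
wevtutil.exe sl $logName /e:false
```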
Error: "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." - In this specific case the cab file from the link was downloaded manually. The only file in it was authroot.stl. This is a certificate trust list, but the signing certificate was not valid, making the installation fail. Eventually this should be corrected by Microsoft.
