Crypt32: Failed auto update retrieval of third-party root list sequence

Posted By PhilEddies on Aug 10, 2009 | 13 comments


“crypt32 Event ID: 8

Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.”

If like me you find the above message reported hundreds of times in your event logs here is what is going on.

Cypt32 from what I understand is a subsystem that gets used by several products including Mcafee, Crpt32 likes to go off to the internet to get updated root lists, however if you have a proxy server you have to tell crpt32 to use it.

On each client that is getting the message you will need to run

%SystemRoot%\System32\proxycfg.exe -u

There are several switch you could use the -u switch simply imports you Internet Explorer settings.

I triggered the above command from a login script on all of our clients but first I had to create a GPO to modify the registry permissions as the default is users cannot run this command due to not having write access to a reg key. Please comment if you would like more info.

You alternatives are to punch a hole in your firewall or proxy, or you could just live with the message.

13 Comments

    • No probs, just glad I could help

      Post a Reply
  1. hi!

    we’re experiencing this error left and right on our more than 1000 xp machines

    and the kb article is askin’ me to do it all manually

    when you said you execute the command %SystemRoot%\System32\proxycfg.exe -u how if i may, step-by-step if you don’t mind?

    thanks in advance

     

    >oliver

    Post a Reply
  2. What is this message is appearing in the Event Viewer of a standalone system (minus the proxy)? It would seem that the same root certificate issue may not apply equally. Any thoughts?

    Post a Reply
  3. The message is caused because Crypt32 on the effected computer(s) is unable to connect to the Internet, generally this is because there is a proxy or a Firewall in the way but if the computer is standalone i.e. not connected to the Internet I would imagine you will get the same Crypt32 error.

    Post a Reply
  4. No problem, glad it helped

    Post a Reply
  5. Hi everyone!

    I have this error in my event viewer and I have a proxy on my net but I can't understand why appears this message because I haver an internal WSUS configured and the machine that has this problem has configured correctly to update to internal WSUS.

    Anyone can help me?

    Thank you

    Post a Reply
  6. Hi,

    This exact message has nothing to do with WSUS the message is generated because the crypt32 is unable to get to on the Internet to perform it's certificate update. The Windows Update on the client however does use proxycfg.exe -u

    Crypt32 does not use Internet Explorers proxy settings and instead uses the proxy setting configured with the tool %SystemRoot%\System32\proxycfg.exe

    Running the command %SystemRoot%\System32\proxycfg.exe -u on the effected computer(s) will import the Internet Explorer proxy setting so crypt32 can get on the net.

    The other option is to put a hole in your firewall.

    I hope this helps, let me know if you need any more info.

    Post a Reply
  7. This also solves my issue. Thanks for posting, this is very helpful.

    Post a Reply
  8. Hi, brilliant work, thanks for sharing this, thought I’d point out a typo. ‘punch a whole in your’ should be hole.

    Post a Reply
  9. Hi,

    I run a network in an offline environment, this includes WSUS (we get the updates from somewhere else network enabled and import them).

    My question is to get rid of the errors can I put the ip of the wsus box in the proxy and use the proxycfg root or is there a way to stop/disable the certificate service on the xp 32 workstation? and if there is what effects could this have on the system?

    Thanks

    Post a Reply
  10. I putting your WSUS server into proxycfg will not work but you can turn off the feature.

     

    To turn off the Update Root Certificates component.

    To turn off the Update Root Certificates component, follow these steps:

    In Control Panel, double-click Add/Remove Programs.
    Click Add/Remove Windows Components.
    Click to clear the Update Root Certificates check box, and then continue with the Windows Components Wizard.

    Or, by using a GPO turn off the option.

    Computer Configuration – Administrative Templates – System – Internet Communication Settings
    "Turn off Automatic Root Certificates Update”
    but consider the problems by not updating your CA's

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Pin It on Pinterest

Share This

Share This

Share this post with your friends!