Over 1 million tech questions and answers.

Active Directory root CA certificate missing from Windows 7 Trusted Root Certification Authorities store

Q: Active Directory root CA certificate missing from Windows 7 Trusted Root Certification Authorities store

We are experiencing this problem with a few workstations and laptops and what we are currently doing is exporting the CA certificate from a workstation that has it in its store and importing it. The problem with this is that the certificate will eventually
expire and we will have to re import a new one again. I don't believe it is a group policy issue because other computers in the same OU are not missing the certificate.

Cany anyone shed light on how to troubleshoot this or how to force (if possible) the workstation to download the CA certificate?

Thank you in advance.

Read other answers
Preferred Solution: Active Directory root CA certificate missing from Windows 7 Trusted Root Certification Authorities store

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)


I have setup a test network to try 802.1x and have stumbled across an issue with the with the "Trusted Root Certification Authorities". No matter which authority I select, the client connects anyways - although the connection should not be established.
To clarify:
Radius Server RadA has received it's certificate from the domain CA CADOM.
Now on the Windows 7 Client I have set "Validate Server Certificate" and just selected GeoTrust Global CA - so some CA that definitely has NOT signed the Radius server's certificate. 
The client connects without any issues - this should not be the case according to my understanding. I expect the client to deny the connection, because the certificate presented has been signed by CADOM and not by the allowed GeoTrust.
Can somebody explain this behavior?


Read other answers

if i delete these what will happen.... i have no "trusted publishers" but i do a bunch of "trusted root certification authorities"


A:trusted root certification authorities

If you delete all your root certificates, you will get a security alert when your browser attempts to establish an SSL connection. The alert will say that the root certificate is not trusted and will ask you if you wish to continue or not.

Any particular reason you want to delete these?

Actually, now that I am thinking of, there may be other problems that occur is you delete these. I'm thinking of things like Microsoft digitally signed drivers and such. Some of those certificates may be needed for things other than an SSL connection. I don't know.

Read other 2 answers

A week ago, I installed a fresh Win7 Home Premium on my laptop-A. After all the Windows Updates, I took a look inside the Trusted Root Certification Authorities, I found some entries appear twice. e.g. there are two Thawte Premium Server CA, and few other entries I known not there.

I check my another laptop-B which had been used for 3 months. the certification entries there are correct.

1 week later, I have a look at laptop-A again, some entries changed and there're still two Thawte Premium Server CA.

I wonder what's going on and how to fix it? does the root certification get updated itself automatically?

A:Trusted Root Certification Authorities in IE8

Welcome to Seven Forums Summer4Ever. They are updated on a "as needed" basis. As you visit a site, they will be checked and updated.

Root certificates on Windows Vista and later are distributed via the automatic root update mechanism ? that is, per root certificate. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks Microsoft Update for the root certificate. If it finds it, it downloads the current Certificate Trust List (CTL) containing the list of all trusted root certificates in the Program, and verifies that the root certificate is listed there; it then downloads the specified root certificate to the system and installs it in the Windows Trusted Root Certification Authorities Store. If the root certificate is not found, the certificate chain is not completed, and the system returns an error. To the user, a successful root update is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically. In addition, Windows Vista and later client SKUs support weekly pre-fetching from Microsoft Update to check for updated root certificate properties (for example, extended validation (EV), code signing or server authentication properties, which are certificate properties added to a root certificate). ... Read more

Read other 1 answers

I always get these little windows that pop up telling me about certifications blah blah blah and that the other page has expired etc. I get this when I do my online banking, credit billing, and hotmail reading. Is there anything I can do to stop this annoyance?


A:Disabling notifications of trusted root certification authorities

Read other 9 answers

I've a very nasty issue with root CA certificate that's disappearing from the trusted root authorities store. I'll shortly describe the environment: 
- Two tier PKI infrastructure with a offline, standalone root CA and a domain joined Enterprise issuing CA (both W2012R2); root CA certificate is published in AD
- There's a parent and child domain. Issuing CA lives in parent domain (2012R2 domain&forest level)
- Employees are working on a 2012R2 RDS&Citrix XenApp 76 server in the child domain
- In the parent domain several servers are using a SSL certificate signed by the company owned issuing CA; it's a SAN certificate
- The root CA's certificate is in the Trusted Root Certification Authorities store of all member servers in parent & child domain (so, that's also valid for the 2012R2 RDS servers)
The issue is that the certificate of the root CA that's in the trusted CA store of all RDS servers is being deleted on a regular base (at least once a day on each RDS-server). I enabled CAPI2 logging, but I couldn't find anything that makes sense. However
I'm able to reproduce this issue in very simple way: if I start IE11 on a RDS-server and browse to the IP-adres or NETBIOS-name of a webserver that host a site that's using a certificate from our PKI (so, it's clear that the URL isn't matching the names entered
in the SAN certificate) and I click on 'Continue to this website (not recommended)', the root CA's certificate is being removed from trusted... Read more

Read other answers

We are experiencing issues only on Vista Home Edition removing an SSL cert from the Trusted Root Authorities with no warning display or anything.

We have gone through all logs, etc, with no resolution to why this is happening. It appears to happen about every 2 weeks.

The easy fix is placing the cert back into Trusted Root Authority, but we need an explanation.

Read other answers

I am trying to install CA root certificate on Windows 7, IE 9.
Encounter error: "Untrusted Certificate".  "This certificate cannot be verified up to a trusted certificate authority."
I have tried to install the certificate to Trusted Root Certificate Authorities->local computer and import was successful. BUT on IE->Internet Options->Certificate->Trusted Root Certificate Authorities, I am unable to find this root CA on
the list.
On mmc->Certificates->Trusted Root Certificate Authorities->certificates, I am able to view this root CA.
I then restarted the IE and view the ssl site again but failed too, "Untrusted Certificate".
Anyone, any idea ?
Eye Gee

A:Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

May the following workarounds work for you:
Workaround 1:
Modify the Windows settings to allow the Update Root Certificate feature to update the root certificates automatically. For details, see the following Microsoft TechNet article:
Certificate Support and Resulting Internet Communication in Windows Server 2008
Workaround 2?
If the Update Root Certificate feature cannot automatically update the root certificates, you may contact the website vender to see if there is a hotfix can fix the issue.

Read other 8 answers

Is there a Powershell or WMI script that we can run to find out whether remote computers have the trusted root certificate installed on their computers?  


Read other answers

https://internalwebsite.domain.local has a self-generated certificate. I browse to that site, I get a certificate warning about how it's not issued by a trusted certification authority. as expected.

I click continue, I click the certificate error, I click view certificates. issued to internalwebsite.domain.local, issued by internalwebsite.domain.local. I click install certificate, I put it in my local machine's Trusted Root Certification Authorities
store. I exit out and close IE. I open MMC certificates snap-in and verify that the certificate is in the Trusted Root Certification Authorities store.

I go back to the site, I still get an error saying the certificate was not issued by a trusted certificate authority.

same thing if I put the cert in the current user's trusted root certification authorities store.

Read other answers

(I'm cross posting this from
https://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/a-certificate-chain-processed-but-terminated-in-a/e6895c7e-c6b9-4a96-a5f5-a4dcd40b7b45 as directed by the forum moderator there.)

First, I have reviewed the other posts with similar questions and noted that I can install the certificate into root certificates and most likely this problem will go away, some specifics:

1) When a client reported this error using a pop.secureserver.net on an outlook 2003 client, I just figured it was godaddy or the REALLY old Outlook client, but nonetheless, I went in to troubleshoot it and was convinced it was godaddy, but when I tried
to start my Outlook 2016 client on my Windows 10 computer on their network, I got the same error.  Two notes are important: 1) I use godaddy as well and 2) I used the same computer at a different client just yesterday without a single error message.
2) They use POP 995 w/ SSL & SMTP 465 w/ SSL to pop.secureserver.net & smtpout.secureserver.net repsectively
3) I called the company that manages their firewall and was told that everything was fine, but was sent a certificate from the firewall that might fix the problem.
4) The firewall company tells me they use a fortinet firewall

I have some questions that I'm hoping one of the experts here can answer for me:

- What in a firewall setup can cause a certificate to fail as listed in the subject?
- Is there a port or configuration change they... Read more

Read other answers

I have some Windows 7 systems which have not run Windows Updates for many years, and cannot due to regulatory reasons.   We rely upon Windows to automatically update the Trusted Root Certificate store whenever we browse to a web site/web service
that uses a certificate the system doesn't recognize. 
Sometime recently, the Trusted Root Certificate Store no longer updates automatically.  The Windows Event Log shows an error stating that the certificates cannot be downloaded from:
http : // ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
If we browse to this location manually, the cab file contains an invalid Microsoft certificate. 

This was also an issue in Sept 2018.  At that time, the certificate had expired, and Microsoft eventually updated the certificate to resolve the issue.   This time, the certificate does not appear to have expired.  Why is the certificate
invalid this time, and can Microsoft fix it again?


Read other answers


After Install Windows 7 and windows 10 on  trusted  root certificate  i get minimal Certificate i need all Certificate 

for example ( verisign, comodo)

i work offline ,  no Wsus Server 

Read other answers

I'm looking to put AD onto new 2000 servers (two at the moment) and can't decide what to call the root and what implications it has.

We have companyname.com already registered, with three sites and various departments at each site. The companyname.com is hosted by an external isp.

I've been told if i use that name as the internal AD starting point, it will cause internal users problems with resolving web sites?

I know a bit about servers, but pretty much nothing about DNS, can you suggest what to do?

A:Deciding the name of Active Directory root

i recently set up AD on a small network. the AD wizard + microsoft tutorials state that if you have a internet registered name, to use that as the root name of you AD.

Try www.technet.com for details.

Read other 1 answers

I have discovered a huge number of similar files in the root directory of my C drive.  They all have names that start with "UDMFT" and end in 6 digits. The first one is 2,836,257 KB; and all the others are 1KB.  There is no extension on any of them.  I have looked at a couple of the smaller ones with Notepad, but they are unintelligible.  They were all created on 1/18/2015.
The second thing I wanted to ask about is all the TEMP***ROOT folders in the root directory.  The asterisks represent what mostly looks like filename extensions.  Almost all of them were created in March of 2014. I think this was when we were cleaning malware from this laptop.  I tried to find the topic, but couldn't.  I hesitate to say who I think was helping me, because I'm not 100% sure.
Can I safely delete these Temp folders?

A:Strange files in Root Directory amd multiple Temp***root folders

Don't delete things manually you might break something. To help clean up a lot of this stuff you right click your C drive. Go to properties under general tab 'disk cleanup' and then click 'clean up system files' button. Select what you want to delete. Careful though there are memory dumps, restore points and downloaded microsoft updates in there as well that you may want to keep. They can grow very large in size. However, they are all safe to delete through disk clean up. As an example on a Windows 7 updated to windows 10 you can delete the Windows 7 backup in there as well. Doing so you can't choose to go back to Windows 7. I made a clone of Windows 7 prior and after Windows 10 so for me I deleted it all & regained 20-30G's of disk space.

Read other 1 answers

When I start up my computer this is what comes up. I put a copy on a floopy disk and now when it loads up, all I get is A;\ . Now what is the next step, I don't have any Windows CD's

A:(Windows Root) Directory c>\system32\hal.dll is missing or corrupt

Read other 8 answers

On a client machine running Windows 7 Professional there is only smartcard and registry option available. I need to import a certificate to computer account - trusted root CA.
MMC - Add/Remove - Certificates - Local Computer

Read other answers

SOmetime i face issues with the root certificates on a newly deployed machine.
Once the fully patches image is deployed and joined the domain -- gets all policies etc 
somehow when i browse internet https://google.com or lets say https://bing.com i get certificate errors in IE
We use Windows 7 X64 Ent -- Fully patched
What i realized on the system where i faced this issue is it is missing the 
Equifax Secure Cert Auth / Geo Trust / DigiCert Baltimore Root  
From trusted Root Certificate store

I am not sure why this should happen on a fully patched system and why only on some all the machines are deployed form the same image.
Any advice on how i can get the trusted Root certs -- i do not want to manulaly import each cert 1 by one.

Read other answers


I recently had a very nasty infection (zlob dns changer) Which was apparently a rootkit. I don't actually know what a rootkit is but I was made to understand that it is very bad.

I got a lot of help, first from stang777 and then from Dachew. Dachew helped me for four days until we (he) finally eliminated the rootkit.
I can not sing the praises of him and this forum enough.

I am getting an error message on boot which I assume is related to the former rootkit. It says:

validation failed for c\windows\system 32\ vsinit.dll. you are probably missing a necessary root certificate.

Other than getting the message my computer seems to be working normally.

I would greatly appreciate any advice on what it means and what to do about it.

I hope I posted this in the right place, I am still learning how to use this forum.

A:root certificate missing error

This file is a component of ZoneAlarm Firewall. Try uninstalling and reinstalling ZA.

Let me know if this fixes it.


Read other 17 answers

to the point this link is dead, where can i alternative download this 

Read other answers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:53 AM, on 7/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:... Read more

A:Zone Alarms Missing Necessary Root Certificate

Read other 13 answers

Hi n thanks for checking this post,

It had been months since id been on the internet so yesterday I updated and i ran S&D, AVG, AdAware, and updated Zone alarm from 5.5 to 6 and all was well.

I left my machine running over night, it was still running in the morning but soon after turned itself off.

Now when i turn it on it give me the same error message box, twice. ( after booting into windows )

" Validation failed for C:\WINDOWS\SYSTEM32\VSINIT.dll. Your probably missing nessassary root certificate. "

I didnt go any further and fist tryed rebooting it a couple of times

sometimes the menue apears transparent and sometimes it seems ok and lauches programms no prob.

but each time the same message comes up twice.

i also tryed system restore to an earler time, same message.

also tryed doing a repair from the Windows XP Pro cd, then i get this message

" file \i386\vgaoem.fon could not be loaded. The error code is 32768 set up cant continue. "

Now this gets me worried and after a search i get different solusions, some alien to me and some conflicting; the only one i tried is

at RUN typing sfc/scannow but windows cant find it.

Now im lost and concerned, any help much apreachated. thanks in advance

A:Validation failed, missing root certificate ?? Help!

The commnad is sfc /scannow . notice the space after c and before / . .

Read other 3 answers

I have a window desktop with xp sp3 that cannot boot because the root directory is missing. I have a laptop with windows 7 ultimate and would like to run a bootdisk to boot my desktop. My question is how do I "make" the bootdisk on my window 7 to boot my xp? I want to use a thumb drive to boot the xp desktop.
btw, I already downloaded the ActiveLiveCD and BootDiskDemo-Setup from cnet and elsewhere.


A:missing root directory

The boot disk you can create in Windows 7 will do you no good for your XP desktop. It only has some basic troubleshooting tools and a way to restore your Windows 7 installation from a native backup.
You must repair your XP installation by using the origina XP installation disk; run the installer but choose to repair instead of reinstalling.
Also if you don't have a current backup of your data, you will need to get that done first. If you need to download a rescue disk from the internet, connect an eternal usb drive, boot the machine from the rescue disk and choose any available tools to backup your data.

Read other 14 answers

Hello there guys,

I installed ZoneAlarm free firewall yesterday and during the install i recieved an error message saying "Validation failed for Vsmon.exe, this is probably due to a missing root certificate." ZoneAlarm seemed to install fine but it slowed my firefox and IE browsers down to crawling speed, so i uninstalled it, and they seem to be working fine again. I had a look around on the net for info on this 'missing root certificate' and found out that Vsmon.exe is a ZoneAlarm file and that a missing root certificate on my pc can be caused by Malicious software.

So to sum up my issue and question is that 'if' i have missing root certificates on my pc (and it wasnt related to ZoneAlarm) does it mean that i have some sort of hidden malware or even a rootkit that could be causing damage under my nose?

I have Super Antispyware, Avast Antivirus free edition, MalwareBytes Anti-malware, Spy-Bot S&D and windows defender and firewall. Have run scans with all of these (not in safe mode) with nothing malicious showing up. I'ts probly nothing just want to make sure if possible, and here is my Hijack log cheers.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:21:01 PM, on 19/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Defender\MSAS... Read more

Read other answers


I am trying to resolve an issue where multiple client computers in the organisation are using an internally deployed Root CA certificate (before my time and no longer required) to sign the end entity certificate for external websites, google.co.uk
for example. All SSL sites appeared to be affected by this.

However this is not the case as sub domains of sites with issues show the correct cert chain, the below is for mail.google.com

Removing or untrusting this root ca cert breaks access to these sites.

I have reset root certs in various ways, removed machines from the domain, applied no GPOs, manually updated CRL and pulled down updated certs with rootsupd.exe.
It always attempts to use this rouge CA cert to sign the websites cert.

Any assistance would be much appreciated.

Read other answers

Ok, so I've run into a very tricky spot:

Yesterday, I successfully resolved a windows update issue (thread can be found here: Unable to get any updates at all: Error 800f0900 ).

Basically, one problem led to another and I ended up having to painstakingly transfer programs from my laptop to a flash drive and then to my desktop. When I finally found out what was the problem with my USB ports not working, I reinstalled the motherboard drivers, and everything seemed to work fine--for the USB 2.0 ports.

Now the USB 3.0 ports aren't working and I have no idea why. I tried downloading intel's drivers from their site and no luck. I tried downloading from the motherboard manufacturer's site and no luck. So, I finally looked at the hardware/device manager: "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)"

A:Intel USB 3.0 root hub and USB root hub registries missing/incomplete?

This could be handy for those might want to help you sorted it out, you to System Info - See Your System Specs

Could those Usb 3.0 drivers branded from another manufacturer?

Read other 3 answers

I am trying to install a vendor?s 64 bit driver on my system running Windows Embedded Standard 7. I am getting errors that the Windows does not have enough information to verify the driver's certificate. 

The vendor has told me that their drivers are digitally signed and that the issue is that my system is not connected to the internet and therefore does not receive windows updates.
They said that if the Windows Root Certificate Program could connect to the internet my issue would be solved.
My system cannot connect to the internet for security reasons. I was wondering if there is any way to fix this issue without connecting to the internet?

Read other answers

Hello friends, I was surfing the web and I found an interesting subject.

Dangerous root certificates are a serious problem. From Lenovo?s Superfish to Dell?s eDellRoot and a number of other certificates installed by adware programs, your computer?s manufacturer or a program you installed may have added a certificate that opens you to attack. Here?s how to check if your certificates are clean.
Read more here:

How to Check for Dangerous, Superfish-Like Certificates on Your Windows PC

how to check your system?

To get started, download Sigcheck from Microsoft. Open the downloaded .zip file and extract the sigcheck.exe file. For example, you could just drag and drop the file to your desktop.

Navigate to the folder containing the sigcheck.exe file you just extracted. For example, if you put it on your desktop, open the Desktop folder in File Explorer (or Windows Explorer, if you?re on Windows 7). Press and hold the Shift key on your keyboard, right-click in the File Explorer window, and select ?Open command window here?.

Type the following command at the command prompt and press Enter:

sigcheck -tv

Sigcheck will download a list of trusted certificates from Microsoft and compare it to the certificates installed on your computer. If there are any certificates on your computer that aren?t on the ?Microsoft Certificate Trust List?, you?ll see them listed here. If everything is good and you don?t have any rogue certificates, you?ll see the ?No cer... Read more

Read other answers

Good day,

I work for a company that uses an ethernet connection and a netgear switch to connect a bunch of trucks together, and then software on the main computer to control all the different trucks and display the data off the trucks, rates, pressures, engine diagnostics etc.

Lately I have had an issue with the software on the main computer locking up. When I checked the event viewer the last couple of times I had a crypt32 error right around the time the software froze. Now I understand why this is happening, because windows is trying to update the root certificates, and I'm not connected to the internet.

The questions I have are:

Do you think it's possible that windows trying to update the root certificates could interfere with the connection between the main computer and the pumps, even for just a split second, to interrupt the software?

And also how would I go about trying to recreate the windows certificate update to see if I can make this issue happen again? Is there a program that runs to update the certificates? I've tried searching the internet and can't find a name or anything. This is the most important part of these questions. Recreating this issue and seeing if it shows up in the event viewer is of the utmost importance to me.

Any help would be greatly appreciated,


Read other answers

Is there a rvkroots.exe available for download for the mentioned KB so that I can remediate a Nessus finding?
We are on a disconnected network so windows update is disabled in our network.
In the past we are able to just download rvkroots.exe and push it out to all our Win7 computers.

Read other answers

Hi guys,

I had installed this mapping tool before applying all the Windows Updates and I got this Untrusted Certificate warning error as shown in the image.

Now, I had reinstalled Windows 10 and ran all the updates and then installed this tool which is a NON-Web version, meaning its a program that runs on the desktop but gathers all the mapping data from Bing Maps and so forth.
After when I launched it this time, that message DOES NOT appear now.

So clearly, it had something to do with a Windows Update that updates all Root Certificates.
But the issue is, I really need to know which update is it so next time I can install this Windows Update myself manually.

Anyone know?

Many thanks!

Read other answers

Windows 7 -64-Bit , 64-Bit Computer CPU System Usage..,                 Everything 64-bit, 8GB Ram
64-Bit then ,32-bit  versions try and format 64-bit.... Third-Party Root Certificates 64-Bit 
Won't Computer& won't read dvd

Read other answers

I need to download/copy a .bin file to the root directory for each opertaing system , I havent a clue how to do this can anyone ( in simple terms) please

kind regards


A:download/transfer .bin file to root directory windows 8/7

What ??? Copy / Paste does not work ???

Read other 4 answers

I have W8.1 on both a laptop and a desktop. When I use File Explorer to find the path to a particular folder resident on a network drive, the root directory main branch "Network" does not appear for some users on the desk top.  For
other users, on the desktop and the laptop, it is there but does not contain the folder (call it "DS") I am seeking. The folder is now within "This PC" for one desktop user and the laptop user, both times "This PC" being a highest
level branch from the root directory. For another user on the desktop, call her K, it is within the "Desktop" primary branch and then within "This PC". All of this would perhaps be of no consequence to me except it is puzzling, but more
importantly an Epson app on the desktop for user K cannot locate folder DS to establish the destination folder for scanned images.
I am reluctant to advance to W10 until I have fixed the problem, or have been assured that W10 will allow the Epson App to find the proper path.  I have uninstalled and reinstalled the Epson app with no change in results.

Read other answers

Can someone walk me through the steps of having Advanced Threat Analytics (ATA) request a new certificate from Active Directory Certificate Services (ADCS)?  I'm not familiar with either product so I will need detailed steps please.  At a high-level
i'm guessing
1. ATA issues a certificate request
2. I send the request to ADCS
3. ADCS issues a cert for that request
4. Install new cert in ATA
I'll need detailed command line statements.  My ATA Center server is named ATASERVER.DOMAIN.ORG, and I but the URL is configured as ATACENTER.DOMAIN.ORG in ATA.  Can the cert handle both the servername and the URL?
Thank you in advance!

Read other answers

We have client machines on IE11 that cannot connect to common websites using https (Facebook, Reddit etc.) because they do not have the Trusted Root Certs installed.
Until 2014 Microsoft released updates to Trusted Root Certificates via KB patches.
Since then they have advised customers to rely upon the process of Windows Update connecting to Microsoft servers to process the CTL (Certificate Trust Lists).
Question 1: Are clients sitting behind a proxy server able to download and process these lists? Our client machines clearly show that they are not able to resolve the update servers, so I assume not.
According to this article from 2014 - https://technet.microsoft.com/en-gb/library/dn265983.aspx

"The list of trusted root certificates is available as a self-extracting IEXPRESS package in the Microsoft Download Center, the Windows catalog, or by using Windows Server Update Services (WSUS). IEXPRESS packages are released at the same time as the trusted
Question 2: Where can I find that/any of those packages?? They are not easy to find, evidently I am searching for the wrong thing via Google/Bing/Windows Update Catalog
If the latter does not/no longer exists, how do we obtain new/replacement Trusted Root Certs, and how should we distribute them around our estate?

Read other answers


I am dealing with big problem on multiple workstations in our company. Many Windows 7 computers and one Windows XP computer have all Root CA certificates not trusted so I cannot import new certificate generate by Certification Authority in our Country.

I noticed this problem recently and after two days on google I couldn't find solution to this.

If I open mmc and select Certificates - > Computer -> Trusted Root Certification Authorities I see all certs on computer but after I check any they show this in General info about Cert:

This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.


This root certificate appears to be trusted by the remote computer. To ensure this root certificate is valid on the remote computer, verify this root certificate on that computer.

This goes for all certs (Microsoft, Thawte, Go Daddy, GeoTrust...) and even for our certificates generated by our internal CA.

We push only Critical and Security Updates from our wsus server. Affected computers have installed all updates.

We have firewall and don't allow full access to internet but I tried to give one computer with this issue full access to internet and reboot couple times but that didn't help.

Screenshots: http://imgur.com/a/HCGWo

Read other answers

Is there a Root Certificate Guru in the house?

Here is my problem.

First I should say I reinstalled Windows XP onto C drive and had my data located on D drive this helps for saving when I get hit with virus's or whatever else. After re-installing on C I try to access the files that I think I encrypted on D I can see them but I cannot copy or use them as I don't have permission to.? If I select the file then advanced properties I see the old me as the owner of the file.

I have tried to apply my root certificate to the files but when I try to add my certificate it will not allow me to?

Any help would be appreciatted. Thanks for reading

A:Root Certificate problems???

Read other 7 answers

Hi all,

I have just been bought some Bluetooth headphones that didn't come with
a Bluetooth receiver so I bought one from Amazon that uses CSR Harmony Stack Software.
I noticed it installed a lot of crap and decided to research it.

I found this post -


If the above is still true what risk is it to me?
Can I lessen the risk at all?
If not then would this constitute grounds for a refund?

Thanks in advance,


Read other answers

Hi I am Junaid Yousaf from Pakistan, I am having trouble to update the Root Certificate to access a few online activities and to add I am unable to access Microsoft's Websites especially where I could download stuff, it says "Server not found" something which would only pop if my internet connection was dead which isn't the case.

Really glad for your help as followed I have taken the instructions I was pointed to on the forum.

DDS Log....

DDS (Ver_10-10-21.02) - NTFSx86
Run by Psio at 5:04:53.46 on Fri 10/22/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1341 [GMT 5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings... Read more

A:Root Certificate and Microsoft


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.


Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right... Read more

Read other 19 answers

Hi there.
I have a laptop running XP Home. IE7 would not install ... and along with it, somethig called Root Certificate Update.
I did some Googling, and the places I found wanted me to find GPEDIT and GPMS.msc (spelling on that one could be wrong) but the computer said these did not exist.

I even successfully installed SP3. All other areas seem to be working fine. It just wil not install that root thing an IE7.

Please adivse.

Thank you.
Don in Tucson

A:IE6 and root certificate update

Have you tried installing the root certificate update separately from IE7? If you run a manual Windows Update and use the "Custom" update option, you can uncheck IE7 and leave the root certificate update selected. Then, install that update and see what happens.


Read other 2 answers

We are configuring NSS domain.
I was able to import 2 ENTRUST certificates to NSS DB.
Root certificate failed to import
This is a command that I run

%NSS_HOME%\bin\certutil -A -n "entrustRoot" -t "T,C,C" -i C:\AppServer\certificaterequests\cacert.crt -d %AS_HOME%\domains\nssdomain\config

Then I run this command

%NSS_HOME%\bin\certutil -L -n entrustRoot -d %AS_HOME%\domains\nssdomain\config

Received this message

certutil: could not find : EntrustRoot.
:security libary: bad database

Please help

Thank you in advance

Read other answers

Hi Malwaretips Team,
could someone please help confirm whether the 2 certificates in the screenshot are normal, ie do you have them to
C:\SysinternalsSuite(1)>sigcheck -tv

Sigcheck v2.53 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Listing valid certificates not rooted to the Microsoft Certificate Trust List:

Microsoft Development Root Certificate Authority 2014
Cert Status: Valid
Valid Usage: All
Cert Issuer: Microsoft Development Root Certificate Authority 2014
Serial Number: 07 8F 0A 9D 03 DF 11 9E 43 4E 4F EC 1B F0 23 5A
Thumbprint: F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB
Algorithm: sha256RSA
Valid from: 4:43 AM 29/05/2014
Valid to: 4:51 AM 29/05/2039
Microsoft Development Root Certificate Authority 2014
Cert Status: Valid
Valid Usage: All
Cert Issuer: Microsoft Development Root Certificate Authority 2014
Serial Number: 07 8F 0A 9D 03 DF 11 9E 43 4E 4F EC 1B F0 23 5A
Thumbprint: F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB
Algorithm: sha256RSA
Valid from: 4:43 AM 29/05/2014
Valid to: 4:51 AM 29/05/2039

Thank you for your time to help
My machine is scanned very regularly with Emsisoft Malwarebytes Avira and Windows Defender
and exhibits no weird behavior.

A:Root Certificate Confrmation

Would make sense if you're running Windows 10. Apparently, it was a bug in an earlier build with Edge.

Xiaoyin Liu on Twitter

Read other 1 answers

Hi I am Junaid Yousaf from Pakistan, I am having trouble to update the Root Certificate to access a few online activities and to add I am unable to access Microsoft's Websites especially where I could download stuff, it says "Server not found" something which would only pop if my internet connection was dead which isn't the case.

Really glad for your help as followed I have taken the instructions I was pointed to on the forum.

DDS Log....

DDS (Ver_10-10-21.02) - NTFSx86
Run by Psio at 5:04:53.46 on Fri 10/22/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1341 [GMT 5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings... Read more

A:Root Certificate and Microsoft

Another thing I'd like to mention there is something wrong with my PC, I get the ASK.com search engines for no reason, even after attempting a correctly typed email address this search engine shows up, looking forward and apologies for double post I really hope I could find the edit button.


Read other 5 answers

WinXP just notified me of a "Root Certificate Update"
What exactly is this and is it something I should go ahead and install?

A:Root Certificate Update

Yes, it's the updated security certificates for some sites and services.

Read other 3 answers

received email (windows Live, Sony Vaio,windows 7, IE vs 8 32 bit)
GTE Cyber...

Security alert re certificate
Downloaded certificate
Cannot open email
cannot delete email
cannot get rid of security alert
tried reboot/restore and a million other things
click on email freezes email program
HELP me get rid of the email!

Read other answers