Trusted Root Cert Auth Stor -empty/corrupt

Discussion in 'Windows Small Business Server' started by BrianG, Jun 3, 2005.

  1. BrianG

    BrianG Guest

    Working on a W2003 SBS box. I'm encountering several errors.
    1. Can't get software to install because no Windows Installer.
    2. Can't get Windows Installer to load because it can't determine if
    Cryptographic Services are running.
    3. While troubleshooting Crypto Services, it says to Install a MS Trusted
    Root Certificate.
    4. I get an error trying to import the MS Trusted Root Certificate, "Can't
    open Trusted Root Certification Authority Store".

    I look at my TRCAS and its empty. The other Cert stores have entries.
    What's needed to repair this?
    Thanks,
    Brian
     
    BrianG, Jun 3, 2005
    #1
    1. Advertisements

  2. Hi Brian,

    Thanks for using the newsgroup.

    According to your description, I understand that you encountered problem
    when import Trusted root certificate and you found the trust root
    certificate was empty. If I am off base, please let me know.

    Before we go any further, could you paste the detailed error message in
    event view to the newsgroup, so that we can help you isolate the problem
    more clearly? As I know this issue might be caused by the store corrupt,
    you might have to restore your SBS from former good backup.

    Generally speaking, some of the root certificate can not be removed from
    SBS 2003 or you will encounter some problem when running the OS, you can
    refer to the following KB article for more detailed information:

    293781 Trusted root certificates that are required by Windows Server 2003,
    by
    http://support.microsoft.com/?id=293781

    In order to solve the issue, you can try the steps below:

    1) Delete the autoenrolment registry cache by deleting the following
    registry key and all subordinate keys on all affected machines.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\AutoEnrollment\AEDirector
    yCache."

    2) Executing the following command:
    Certutil.exe -pulse

    3) Go to Start->Run, type MMC and click OK, and browse for the machine
    store's Trusted Root Certification Authorities container and verify that
    the third-party RootCA appears in the list.


    If the issue still exists, you have to restore the certificate store from
    former good backup. I appreciate your understanding on this issue. Any
    further updates would be appreciated.

    Best regards,

    Charles Yang (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Charles Yang [MSFT], Jun 6, 2005
    #2
    1. Advertisements

  3. BrianG

    BrianG Guest

    The "good backup" to restore from, appears to be an issue also. The seven or
    so Trusted Root Certificates that are required according to KB293781 are not
    in the TR Cert Store on my box. You are correct that there are problems
    importing Certificates. I'll try and get the "error msg". I do appreciate
    the attempt to help me fix this without a complete restore. I'll post the
    results.
    Thanks,
    Brian
     
    BrianG, Jun 6, 2005
    #3
  4. Hi Brian,

    Thanks for updates. Please understand that the certificate store corrupt
    might be caused by many factors, we will try our best to repair it but you
    might have to recover it from your good backup.

    Sorry for any inconvenience, I will be here waiting for your updates.

    Best regards,

    Charles Yang (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Charles Yang [MSFT], Jun 8, 2005
    #4
  5. Hi,

    Long time no hearing from you. If you have any further concern, please let
    me know. I am here waiting for your updates.
    Best regards,

    Charles Yang (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Charles Yang [MSFT], Jun 14, 2005
    #5
  6. BrianG

    BrianG Guest

    The 3 step repair did not work in this case. I have resolved myself to a OS
    reload. Thank you for the assistance and I am sure that we will get another
    chance.
    Brian
     
    BrianG, Jun 14, 2005
    #6
  7. Hi Brian,

    Thanks for your effort in this issue, I am sorry to not help you so much in
    this issue. If you have any further concerns, please let me know. I am glad
    to help you in this newsgroup.

    Have a nice day!

    Best regards,

    Charles Yang (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Charles Yang [MSFT], Jun 15, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.