Microsoft-Windows-CAPI2 Access Denied Event ID 4110 error


Hi team,

I need help! I have installed a Symantec application on a Windows Server 2008 R2 workspace, and I'm running into an error message. Event Viewer shows this:

XML view:

<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="microsoft-windows-capi2" guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" eventsourcename="microsoft-windows-capi2" />
    <eventid qualifiers="0">4110</eventid>
    <version>0</version>
    <level>2</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x8080000000000000</keywords>
    <timecreated systemtime="2016-06-20t07:17:05.960875000z" />
    <eventrecordid>1491095</eventrecordid>
    <correlation />
    <execution processid="284" threadid="5460" />
    <channel>application</channel>
    <computer>xfiles0</computer>
    <security />
  </system>
  <eventdata>
    <data />
    <data>access denied.</data>
  </eventdata>
</event>

(Friendly view):

                 

- system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
   [ eventsourcename]  microsoft-windows-capi2 

  - eventid 4110 

   [ qualifiers]  0 

   version 0 

   level 2 

   task 0 

   opcode 0 

   keywords 0x8080000000000000 

  - timecreated 

   [ systemtime]  2016-06-20t07:17:05.960875000z 

   eventrecordid 1491095 

   correlation 

  - execution 

   [ processid]  284 
   [ threadid]  5460 

   channel application 

   computer xfiles0 

   security 


- eventdata 


   access denied.  

I tried this solution:

Grant the user "nt service\cryptsvc" full access on the following registry key:
hkey_local_machine\software\microsoft\systemcertificates\authroot

It didn't help.

I tried to grant access via Group Policy; that didn't work.

After I enabled CAPI2 logging, I had these errors (warning, long message!):

                                                                  

+ system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 

   eventid 11 

   version 0 

   level 2 

   task 11 


   opcode 2 

   keywords 0x4000000000000003 

  - timecreated 

   [ systemtime]  2016-06-21t13:35:09.265625000z 

   eventrecordid 1223 

   correlation 

  - execution 

   [ processid]  5524 
   [ threadid]  6196 

   channel microsoft-windows-capi2/operational 

   computer xfiles0 

  - security 

   [ userid]  s-1-5-18 


- userdata 

  - certgetcertificatechain 

  - certificate 

   [ fileref]  56e832a33ddc8cf2c916da7cbb1175cbacabae2c.cer 
   [ subjectname]  microsoft time-stamp service 

   validationtime 2009-07-14t03:00:30z 

  - additionalstore 

  - certificate 

   [ fileref]  5df0d7571b0780783960c68b78571ffd7edaf021.cer 
   [ subjectname]  microsoft windows verification pca 

  - certificate 

   [ fileref]  375fcb825c3dc3752a02e34eb70993b4997191ef.cer 
   [ subjectname]  microsoft time-stamp pca 

  - certificate 

   [ fileref]  018b222e21fbb2952304d04d1d87f736ed46dea4.cer 
   [ subjectname]  microsoft windows 

  - certificate 

   [ fileref]  56e832a33ddc8cf2c916da7cbb1175cbacabae2c.cer 
   [ subjectname]  microsoft time-stamp service 


  - extendedkeyusage 

  - usage 

   [ oid]  1.3.6.1.5.5.7.3.8 
   [ name]  time stamping 


  - flags 

   [ value]  c8000005 
   [ cert_chain_cache_end_cert]  true 
   [ cert_chain_cache_only_url_retrieval]  true 
   [ cert_chain_revocation_check_chain_exclude_root]  true 
   [ cert_chain_revocation_check_cache_only]  true 
   [ cert_chain_revocation_accumulative_timeout]  true 

  - chainengineinfo 

   [ context]  user 

  - certificatechain 

   [ chainref]  {9acf4030-d9ea-4086-9d70-d0a03fac31f6} 
  - truststatus 

  - errorstatus 

   [ value]  1000040 
   [ cert_trust_revocation_status_unknown]  true 
   [ cert_trust_is_offline_revocation]  true 

  - infostatus 

   [ value]  100 
   [ cert_trust_has_preferred_issuer]  true 


  - chainelement 

  - certificate 

   [ fileref]  56e832a33ddc8cf2c916da7cbb1175cbacabae2c.cer 
   [ subjectname]  microsoft time-stamp service 

  - signaturealgorithm 

   [ oid]  1.2.840.113549.1.1.5 
   [ hashname]  sha1 
   [ publickeyname]  rsa 

  - publickeyalgorithm 

   [ oid]  1.2.840.113549.1.1.1 
   [ publickeyname]  rsa 
   [ publickeylength]  2048 

  - truststatus 

  - errorstatus 

   [ value]  1000040 
   [ cert_trust_revocation_status_unknown]  true 
   [ cert_trust_is_offline_revocation]  true 

  - infostatus 

   [ value]  102 
   [ cert_trust_has_key_match_issuer]  true 
   [ cert_trust_has_preferred_issuer]  true 


  - applicationusage 

  - usage 

   [ oid]  1.3.6.1.5.5.7.3.8 
   [ name]  time stamping 


   issuanceusage 

  - revocationinfo 

  - revocationresult revocation function unable check revocation because revocation server offline. 

   [ value]  80092013 



  - chainelement 

  - certificate 

   [ fileref]  375fcb825c3dc3752a02e34eb70993b4997191ef.cer 
   [ subjectname]  microsoft time-stamp pca 

  - signaturealgorithm 

   [ oid]  1.2.840.113549.1.1.5 
   [ hashname]  sha1 
   [ publickeyname]  rsa 

  - publickeyalgorithm 

   [ oid]  1.2.840.113549.1.1.1 
   [ publickeyname]  rsa 
   [ publickeylength]  2048 

  - truststatus 

  - errorstatus 

   [ value]  1000040 
   [ cert_trust_revocation_status_unknown]  true 
   [ cert_trust_is_offline_revocation]  true 

  - infostatus 

   [ value]  101 
   [ cert_trust_has_exact_match_issuer]  true 
   [ cert_trust_has_preferred_issuer]  true 


  - applicationusage 

  - usage 

   [ oid]  1.3.6.1.5.5.7.3.8 
   [ name]  time stamping 


   issuanceusage 

  - revocationinfo 

  - revocationresult revocation function unable check revocation because revocation server offline. 

   [ value]  80092013 



  - chainelement 

  - certificate 

   [ fileref]  cdd4eeae6000ac7f40c3802c171e30148030c072.cer 
   [ subjectname]  microsoft root certificate authority 

  - signaturealgorithm 

   [ oid]  1.2.840.113549.1.1.5 
   [ hashname]  sha1 
   [ publickeyname]  rsa 

  - publickeyalgorithm 

   [ oid]  1.2.840.113549.1.1.1 
   [ publickeyname]  rsa 
   [ publickeylength]  4096 

  - truststatus 

  - errorstatus 

   [ value]  0 

  - infostatus 

   [ value]  10c 
   [ cert_trust_has_name_match_issuer]  true 
   [ cert_trust_is_self_signed]  true 
   [ cert_trust_has_preferred_issuer]  true 


  - applicationusage 

   [ any]  true 

  - issuanceusage 

   [ any]  true 



  - eventauxinfo 

   [ processname]  trustedinstaller.exe 

  - correlationauxinfo 

   [ taskid]  {871ffdeb-f1fe-4bf2-a763-4d6a2028bd44} 
   [ seqnumber]  13 

  - result revocation function unable check revocation because revocation server offline. 

   [ value]  80092013 


- system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
 
   eventid 41 
 
   version 0 
 
   level 2 
 
   task 41 
 
   opcode 2 
 
   keywords 0x4000000000000005 
 
  - timecreated 

   [ systemtime]  2016-06-21t13:35:09.406250000z 
 
   eventrecordid 1429 
 
   correlation 
 
  - execution 

   [ processid]  5524 
   [ threadid]  6196 
 
   channel microsoft-windows-capi2/operational 
 
   computer xfiles0 
 
  - security 

   [ userid]  s-1-5-18 
 

- userdata 

  - certverifyrevocation 

  - certificate 

   [ fileref]  7cb0244c7cec5283e7efdadf5ccc58772dd67f42.cer 
   [ subjectname]  microsoft time-stamp service 
 
  - issuercertificate 

   [ fileref]  375fcb825c3dc3752a02e34eb70993b4997191ef.cer 
   [ subjectname]  microsoft time-stamp pca 
 
  - flags 

   [ value]  6 
   [ cert_verify_cache_only_based_revocation]  true 
   [ cert_verify_rev_accumulative_timeout_flag]  true 
 
  - additionalparameters 

   [ timetouse]  2010-11-20t19:37:07z 
   [ currenttime]  2016-06-21t13:35:09.406z 
   [ urlretrievaltimeout]  pt20s 
 
  - revocationstatus 

   [ index]  0 
   [ error]  80092013 
   [ reason]  0 
 
  - eventauxinfo 

   [ processname]  trustedinstaller.exe 
 
  - correlationauxinfo 

   [ taskid]  {0e2803ac-a55f-4d52-9633-9526084be70e} 
   [ seqnumber]  12 
 
  - result revocation function unable check revocation because revocation server offline. 

   [ value]  80092013 
 
 

- system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
 
   eventid 81 
 
   version 0 
 
   level 2 
 
   task 80 
 
   opcode 2 
 
   keywords 0x4000000000000040 
 
  - timecreated 

   [ systemtime]  2016-06-22t06:25:55.484375000z 
 
   eventrecordid 1515 
 
   correlation 
 
  - execution 

   [ processid]  2412 
   [ threadid]  7540 
 
   channel microsoft-windows-capi2/operational 
 
   computer xfiles0 
 
  - security 

   [ userid]  s-1-5-21-2891754220-1581365162-4186756288-1198 
 

- userdata 

  - winverifytrust 

   actionid {00aac56b-cd44-11d0-8cc2-00c04fc295ee} 
 
  - uichoice wtd_ui_none 

   [ value]  2 
 
  - revocationcheck 

   [ value]  0 
 
  - stateaction wtd_stateaction_verify 

   [ value]  1 
 
  - flags 

   [ value]  80006000 
   [ wtd_disable_md2_md4]  true 
   [ wtd_motw]  true 
   [ cpd_use_nt5_chain_flag]  true 
 
  - fileinfo 

   [ filepath]  c:\users\huh81418\appdata\local\microsoft\windows\temporary internet files\content.ie5\b5ovrdyp\miccertrulispca_2009-04-02[1].cer 
   [ hasfilehandle]  true 
 
  - digestinfo 

   [ digestalgorithm]   
   [ digest]   
 
  - regpolicysetting 

   [ value]  23c00 
   [ wtpf_offlineok_ind]  true 
   [ wtpf_offlineok_com]  true 
   [ wtpf_offlineoknbu_ind]  true 
   [ wtpf_offlineoknbu_com]  true 
   [ wtpf_ignorerevocationonts]  true 
 
  - steperror 

   [ stepid]  3 
   [ stepname]  trusterror_step_sip 
  - result form specified subject not 1 supported or known specified trust provider. 

   [ value]  800b0003 
 
 
  - steperror 

   [ stepid]  9 
   [ stepname]  trusterror_step_msg_signercount 
  - result form specified subject not 1 supported or known specified trust provider. 

   [ value]  800b0003 
 
 
  - steperror 

   [ stepid]  32 
   [ stepname]  trusterror_step_final_objprov 
  - result form specified subject not 1 supported or known specified trust provider. 

   [ value]  800b0003 
 
 
  - steperror 

   [ stepid]  33 
   [ stepname]  trusterror_step_final_sigprov 
  - result no signature present in subject. 

   [ value]  800b0100 
 
 
  - steperror 

   [ stepid]  34 
   [ stepname]  trusterror_step_final_certprov 
  - result no signature present in subject. 

   [ value]  800b0100 
 
 
  - eventauxinfo 

   [ processname]  iexplore.exe 
 
  - correlationauxinfo 

   [ taskid]  {53e5a1f0-a3dd-4cc6-92f7-fd7d24cd3c41} 
   [ seqnumber]  2 
 
  - result form specified subject not 1 supported or known specified trust provider. 

   [ value]  800b0003 
 
 
- system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
 
   eventid 53 
 
   version 0 
 
   level 2 
 
   task 53 
 
   opcode 2 
 
   keywords 0x4000000000000036 
 
  - timecreated 

   [ systemtime]  2016-06-22t06:26:29.500000000z 
 
   eventrecordid 1525 
 
   correlation 
 
  - execution 

   [ processid]  7528 
   [ threadid]  7524 
 
   channel microsoft-windows-capi2/operational 
 
   computer xfiles0 
 
  - security 

   [ userid]  s-1-5-21-2891754220-1581365162-4186756288-1198 
 

- userdata 

  - cryptretrieveobjectbyurlwire 

  - url http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab 

   [ scheme]  http 
 
  - object 

   [ type]  blob 
   [ constant]  0 
 
   timeout pt15s 
 
  - flags 

   [ value]  c205004 
   [ crypt_wire_only_retrieval]  true 
   [ crypt_sticky_cache_retrieval]  true 
   [ crypt_offline_check_retrieval]  true 
   [ crypt_proxy_cache_retrieval]  true 
   [ crypt_random_query_string_retrieval]  true 
   [ crypt_enable_file_retrieval]  true 
 
  - auxinfo 

   [ cacheresynctime]  2016-06-22t02:26:23.234z 
   [ fproxycacheretrieval]  true 
 
  - additionalinfo 

  - networkconnectivitystatus 

   [ value]  1 
   [ _sensapi_network_alive_lan]  true 
 
  - action 

   [ name]  call_winhttpgetproxyforurl 
  - error proxy auto-configuration url not found. 

   [ value]  2f94 
 
 
  - action 

   [ name]  noproxy 
 
  - action 

   [ name]  call_winhttpgetproxyforurl 
  - error proxy auto-configuration url not found. 

   [ value]  2f94 
 
 
  - action 

   [ name]  noproxy 
 
  - httprequestheadersinfo 

   header /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6cab9a099cfb92b1 http/1.1 
 
   header accept: */* 
 
   header user-agent: microsoft-cryptoapi/6.1 
 
   header connection: keep-alive 
 
 
  - httpresponseheadersinfo 

   header http/1.1 200 ok 
 
   header cache-control: max-age=86400 
 
   header connection: keep-alive 
 
   header date: wed, 22 jun 2016 06:26:25 gmt 
 
   header content-length: 6557 
 
   header content-type: application/octet-stream 
 
   header last-modified: thu, 26 may 2016 16:44:40 gmt 
 
   header accept-ranges: bytes 
 
   header age: 0 
 
   header etag: "0cc7de56db7d11:0" 
 
   header server: microsoft-iis/7.5 
 
   header x-powered-by: asp.net 
 
 
 
  - cacheinfo 

   [ lastsynctime]  2016-06-22t06:26:29.500z 
  - urlcacheresponseinfo 

   [ responsetype]  cryptnet_url_cache_response_http 
   [ lastmodifiedtime]  2016-05-26t16:44:40z 
   [ maxage]  86400 
   [ etag]  "0cc7de56db7d11:0" 
 
 
  - retrievedobjects 

  - blob 4d534346000000009d190000000000002c000000000000000301010001000000000000004f00000001000100d7230000000000000000b8488c792000646973616c6c6f776564636572742e73746c0010c8a7214619d723434bd5980938946dfbff67c6d8b364e7b10b59867bc62e8aec5bc84eb2ef6b0c4296196b09d965892c 

   [ fileref]  dac95a6a377be7eaa7cd8d02211fbbe1d22ebedf.bin 
   [ maxsize]  true 
 
 
  - eventauxinfo 

   [ processname]  rundll32.exe 
 
  - correlationauxinfo 

   [ taskid]  {ae5866f6-f230-4a25-9368-630b0b92a02f} 
   [ seqnumber]  4 
 
  - result 

   [ value]  0 
 
 
- system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
 
   eventid 30 
 
   version 0 
 
   level 2 
 
   task 30 
 
   opcode 0 
 
   keywords 0x4000000000000001 
 
  - timecreated 

   [ systemtime]  2016-06-21t13:58:57.843750000z 
 
   eventrecordid 1494 
 
   correlation 
 
  - execution 

   [ processid]  544 
   [ threadid]  604 
 
   channel microsoft-windows-capi2/operational 
 
   computer xfiles0 
 
  - security 

   [ userid]  s-1-5-20 
 

- userdata 

  - certverifycertificatechainpolicy 

  - policy 

   [ type]  cert_chain_policy_ssl 
   [ constant]  4 
 
  - certificate 

   [ fileref]  30cb980ceea9ca2f9e5af2d8d7fcc75308f9c1f2.cer 
   [ subjectname]  xfiles0 
 
  - certificatechain 

   [ chainref]  {03f399cc-055b-4a7d-b08b-78002df102f4} 
 
  - flags 

   [ value]  0 
 
  - ssladditionalpolicyinfo 

   [ authtype]  server 
  - ignoreflags 

   [ value]  280 
   [ security_flag_ignore_revocation]  true 
   [ security_flag_ignore_wrong_usage]  true 
 
 
  - status 

   [ chainindex]  0 
   [ elementindex]  0 
 
  - eventauxinfo 

   [ processname]  lsass.exe 
   [ impersonatetoken]  s-1-5-20 
 
  - correlationauxinfo 

   [ taskid]  {e690e3b2-095f-46c0-bef7-0965aa243a8b} 
   [ seqnumber]  1 
 
  - result certificate chain processed, terminated in root certificate not trusted trust provider. 

   [ value]  800b0109 
 
 
- system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
 
   eventid 60 
 
   version 0 
 
   level 2 
 
   task 60 
 
   opcode 0 
 
   keywords 0x4000000000000100 
 
  - timecreated 

   [ systemtime]  2016-06-22t06:26:59.171875000z 
 
   eventrecordid 1584 
 
   correlation 
 
  - execution 

   [ processid]  284 
   [ threadid]  4620 
 
   channel microsoft-windows-capi2/operational 
 
   computer xfiles0 
 
  - security 

   [ userid]  s-1-5-20 
 

- userdata 

  - certificatestore 

  - store authroot 

   [ type]  cert_store_prov_system_registry_w 
   [ constant]  13 
   [ location]  cert_system_store_local_machine_id 
 
  - flags 

   [ value]  20000 
 
  - eventauxinfo 

   [ processname]  svchost.exe 
 
  - correlationauxinfo 

   [ taskid]  {414ff545-f2b5-4cfb-8526-48836304c06e} 
   [ seqnumber]  1 
 
  - result access denied. 

   [ value]  5 
 
 
- system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
 
   eventid 80 
 
   version 0 
 
   level 4 
 
   task 80 
 
   opcode 1 
 
   keywords 0x4000000000000040 
 
  - timecreated 

   [ systemtime]  2016-06-21t13:35:09.296875000z 
 
   eventrecordid 1261 
 
   correlation 
 
  - execution 

   [ processid]  5524 
   [ threadid]  6196 
 
   channel microsoft-windows-capi2/operational 
 
   computer xfiles0 
 
  - security 

   [ userid]  s-1-5-18 
 

- userdata 

  - winverifytruststart 

  - eventauxinfo 

   [ processname]  trustedinstaller.exe 
 
  - correlationauxinfo 

   [ taskid]  {ee87cbed-4eb8-4aed-98f6-6e3482897544} 
   [ seqnumber]  1 
 
 
- system 

  - provider 

   [ name]  microsoft-windows-capi2 
   [ guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
 
   eventid 82 
 
   version 0 
 
   level 4 
 
   task 82 
 
   opcode 0 
 
   keywords 0x4000000000000400 
 
  - timecreated 

   [ systemtime]  2016-06-21t13:35:09.296875000z 
 
   eventrecordid 1260 
 
   correlation 
 
  - execution 

   [ processid]  5524 
   [ threadid]  6196 
 
   channel microsoft-windows-capi2/operational 
 
   computer xfiles0 
 
  - security 

   [ userid]  s-1-5-18 
 

- userdata 

  - cryptcatadminenumcatalogfromhash 

  - catqueryinfo 

   [ hash]  5422188ce05aab2b79a91de6692e300cd21f803e 
   [ targetfilepath]  \windows\system32\drivers\msdsm.sys 
   [ catalogfilepath]  c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\microsoft-windows-server-drivers-package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat 
 
  - additionalinfo 

  - cryptsvccatalogs 

   catalog c:\windows\system32\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\microsoft-windows-server-drivers-package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat 
 
 
 
  - eventauxinfo 

   [ processname]  trustedinstaller.exe 
 
  - correlationauxinfo 

   [ taskid]  {5fb88a67-d06d-4404-9a1b-0385d434e5c8} 
   [ seqnumber]  1 
 
  - result 

   [ value]  0 
 
 

These are the errors. I hope to find a solution to this huge, complex error.

Thanks in advance.

Regards,

Daniel Juhasz
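
A read-only check of the two things the post relies on, as an added example that is not part of the original post: the ACL actually present on the AuthRoot key, and the Event ID 60 store-open failures with the caller's SID and process. It assumes PowerShell 2.0 or later on the affected server, an elevated prompt, English account names and CAPI2 operational logging enabled; `Find-Node` and `Get-Attr` are hypothetical helper names.

```powershell
# Added example. Key path and account names come from the post; run elevated.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot'

# 1. ACEs on the AuthRoot key for the identities that appear in the post:
#    the CryptSvc service account and NETWORK SERVICE (S-1-5-20, the user ID
#    recorded on the Event ID 60 "access denied" record).
(Get-Acl -Path $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -match 'CryptSvc|NETWORK SERVICE' } |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# Helpers (hypothetical names): case-insensitive lookup of the first matching
# element, and of an attribute on it, in the event XML.
function Find-Node([xml]$Doc, [string]$Name) {
    $lower = 'abcdefghijklmnopqrstuvwxyz'; $upper = $lower.ToUpper()
    $Doc.SelectSingleNode("//*[translate(local-name(),'$upper','$lower')='$($Name.ToLower())']")
}
function Get-Attr($Node, [string]$Name) {
    if ($Node) {
        ($Node.Attributes | Where-Object { $_.Name -eq $Name } | Select-Object -First 1).Value
    }
}

# 2. Failed certificate-store opens (Event ID 60) from the CAPI2 operational
#    log, with the caller's SID and process, to see which identity is denied.
Get-WinEvent -LogName 'Microsoft-Windows-CAPI2/Operational' `
             -FilterXPath '*[System[EventID=60]]' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $doc    = [xml]$_.ToXml()
        $result = Find-Node $doc 'Result'
        $code   = Get-Attr $result 'value'
        if ($code -and $code -ne '0') {          # keep only non-success results
            New-Object PSObject -Property @{
                Time    = $_.TimeCreated
                UserSid = $_.UserId
                Process = Get-Attr (Find-Node $doc 'EventAuxInfo') 'ProcessName'
                Store   = (Find-Node $doc 'Store').InnerText
                Result  = "$code $($result.InnerText)"
            }
        }
    } | Format-Table Time, UserSid, Process, Store, Result -AutoSize
```

If the first table has no row for the identity shown in the `UserSid` column of the second, the grant did not reach the account that is being denied.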


