none
SPOL Management Shell "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider"

    Question

  • Hi all,

    I am running into an issue with SPOL Management Shell.  Installs fine but when starting it shows the error culminating with "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider".  I am running Win10 and have tried both 32 and 64-bit versions with the same error.  Digging into the Event Log, I see a couple different errors:

    Error Message = Errors occurred while loading the format data file: 
    C:\Program Files (x86)\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml, , C:\Program Files (x86)\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml: The file was skipped because of the following validation exception: File C:\Program Files (x86)\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml cannot be loaded. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider..

    Fully Qualified Error ID = ErrorsUpdatingFormats



    Context:
            Severity = Warning
            Host Name = ConsoleHost
            Host Version = 5.1.17134.48
            Host ID = 70551f4f-00c2-4e25-9cd6-eb2fb991b63e
            Host Application = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking;
            Engine Version = 5.1.17134.48
            Runspace ID = 50d5f29b-e40a-4733-994c-5191b4f719fa
            Pipeline ID = 2
            Command Name = 
            Command Type = 
            Script Name = 
            Command Path = 
            Sequence Number = 18
            User = DESKTOP-D6N7ADM\tl069
            Connected User = 
            Shell ID = Microsoft.PowerShell

    Error Message = Errors occurred while loading the format data file: 
    C:\Program Files (x86)\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml, , C:\Program Files (x86)\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml: The file was skipped because of the following validation exception: File C:\Program Files (x86)\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml cannot be loaded. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider..

    Fully Qualified Error ID = FormatXmlUpdateException,Microsoft.PowerShell.Commands.ImportModuleCommand


    Context:
            Severity = Warning
            Host Name = ConsoleHost
            Host Version = 5.1.17134.48
            Host ID = 70551f4f-00c2-4e25-9cd6-eb2fb991b63e
            Host Application = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking;
            Engine Version = 5.1.17134.48
            Runspace ID = 50d5f29b-e40a-4733-994c-5191b4f719fa
            Pipeline ID = 2
            Command Name = Import-Module
            Command Type = Cmdlet
            Script Name = 
            Command Path = 
            Sequence Number = 19
            User = DESKTOP-D6N7ADM\tl069
            Connected User = 
            Shell ID = Microsoft.PowerShell


    User Data:

    But then strangely I also get a Bitlocker error 10-15 seconds later.

    Error Message = This drive is locked by BitLocker Drive Encryption. You must unlock this drive from Control Panel.


    Provider name = Microsoft.PowerShell.Core\FileSystem


    Context:
            Severity = Warning
            Host Name = ConsoleHost
            Host Version = 5.1.17134.48
            Host ID = ff51c8ad-3318-4ada-97c7-7d497d50a845
            Host Application = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking;
            Engine Version = 
            Runspace ID = 
            Pipeline ID = 
            Command Name = 
            Command Type = 
            Script Name = 
            Command Path = 
            Sequence Number = 14
            User = DESKTOP-D6N7ADM\tl069
            Connected User = 
            Shell ID = Microsoft.PowerShell


    User Data:

    I assume, since I run Powershell fine with Bitlocker on, that SPOL Management Shell shouldn't be tripping over it.  Has anyone else seen this?  

    Thanks,

    Tim

    Thursday, May 17, 2018 10:43 PM

Answers

  • Tim,

    I was setting up dev environment on a brand new pc and had this same error. It drove me nuts for hours.
    Here's how I fixed it.

    I located the file referenced in the error: "Microsoft.Online.SharePoint.PowerShell.ps1xml
    Right-Click
    to view Properties.
    Clicked to Digital Signatures tab - click the signer, then Details button.


    I immediately noticed the same error in the details that the management shell was giving me...
    I clicked to View Certificate to see more...



    Clicking the Certification Path tab showed me what the trusting authority was and gave me clue as to why...It showed the Microsoft Testing Root CA 2010 which I did not have installed.
    You can find out by running CERTMGR.MSC and looking in the "Trusted Root Certification Authorities" folder.

    I clicked the View Certificate button to view this new root cert.

    Right there in the view was the resolution to the problem...
    I Clicked the Install Certificate button and made sure to select "Trusted Root Certification Authorities" as the location.

    Hope this helps...



    • Edited by Harley3k Tuesday, June 26, 2018 7:59 PM spelling
    • Proposed as answer by Eickhel Friday, June 29, 2018 10:00 PM
    • Marked as answer by timlabrie Wednesday, July 04, 2018 3:25 PM
    Tuesday, June 26, 2018 7:58 PM

All replies

  • I've got the same error happening, was working fine about a week ago.

    Import-Module : Errors occurred while loading the format data file:
    C:\Program Files\SharePoint Online Management
    Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml, , C:\Program
    Files\SharePoint Online Management
    Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml: The file was skipped
    because of the following validation exception: File C:\Program Files\SharePoint Online Management
    Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.PowerShell.ps1xml cannot be loaded. A
    certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider..
    At line:1 char:1
    + Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChec ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Import-Module], RuntimeException
        + FullyQualifiedErrorId : FormatXmlUpdateException,Microsoft.PowerShell.Commands.ImportModuleCommand


    I'll update if I find a fix!

    Edit: Thought it might be a Windows update issue with root certificates but haven't found a solution down that road yet.

    Edit 2: RCC scanner to find questionable root certificates might help you out: https://www.trustprobe.com/fs1/apps.html

    Edit 3: Ended up doing a full OS reinstall and now it's working. Best of luck to you!
    • Edited by mzager Thursday, June 07, 2018 12:15 AM
    Thursday, May 31, 2018 10:23 PM
  • That can happen is a root certificate has been revoked.


    \_(ツ)_/

    Thursday, May 31, 2018 10:26 PM
    Moderator
  • Is there a way to go about fixing or reinstalling the root certificates? Still have not been able to find a solution to this. 
    Tuesday, June 05, 2018 4:20 PM
  • The error is telling you that the certificate is not valid.  You cannot fix that.  Contact the vendor to get a fix for the software you are trying to use.  Only the vendor using the certificate can fix this.

    In this case you need to reinstall the SharePoint components.  If this fails contact Microsoft for assistance.

    You should be using module version 16.0.7723.1200

    or later.

    https://www.microsoft.com/en-us/download/details.aspx?id=35588


    \_(ツ)_/

    Tuesday, June 05, 2018 4:27 PM
    Moderator
  • Tim,

    I was setting up dev environment on a brand new pc and had this same error. It drove me nuts for hours.
    Here's how I fixed it.

    I located the file referenced in the error: "Microsoft.Online.SharePoint.PowerShell.ps1xml
    Right-Click
    to view Properties.
    Clicked to Digital Signatures tab - click the signer, then Details button.


    I immediately noticed the same error in the details that the management shell was giving me...
    I clicked to View Certificate to see more...



    Clicking the Certification Path tab showed me what the trusting authority was and gave me clue as to why...It showed the Microsoft Testing Root CA 2010 which I did not have installed.
    You can find out by running CERTMGR.MSC and looking in the "Trusted Root Certification Authorities" folder.

    I clicked the View Certificate button to view this new root cert.

    Right there in the view was the resolution to the problem...
    I Clicked the Install Certificate button and made sure to select "Trusted Root Certification Authorities" as the location.

    Hope this helps...



    • Edited by Harley3k Tuesday, June 26, 2018 7:59 PM spelling
    • Proposed as answer by Eickhel Friday, June 29, 2018 10:00 PM
    • Marked as answer by timlabrie Wednesday, July 04, 2018 3:25 PM
    Tuesday, June 26, 2018 7:58 PM
  • it did work for me! thanks
    Friday, June 29, 2018 10:01 PM
  • THANK YOU HARLEY!!!  This had me tearing my hair out. I should have checked the issuer statement.  Thanks so much...
    Wednesday, July 04, 2018 3:26 PM
  • You're welcome :)
    Thursday, July 05, 2018 3:22 PM