none
Microsoft Root Certificate Authority reported as revoked RRS feed

  • Question

  • Hello community,  I'm running in to an issue where driver from a reputed company is failing on a brand new windows 10 1809 machine. 

    "Microsoft Root Certificate Authority" > "This certificate was revoked by its certification authority."

    

    Serial > 79ad16a14aa0a5ad4c7358f407132e65

    Thumbprint > cdd4eeae6000ac7f40c3802c171e30148030c072

    When i export the same root cert out from the chain, windows reports it as good.

    

    Thoughts or guidance? 


    -Siva

    Tuesday, June 11, 2019 3:22 PM

All replies

  • Hi,

     

    I have found a similar thread with yours, just for your reference:

     

    https://social.technet.microsoft.com/Forums/security/en-US/8ee36fb1-eb0e-44e5-bb0d-b822458517b0/certificates-issue-this-certificate-has-been-revoked-by-its-certification-authority-after-ltsb?forum=win10itprogeneral

     

    You might try the methods mentioned by the user,

     

    1. Took a backup and deleted all the certificates from trusted root authority certificate store

     

    2. installed a brand new windows 10 machine  and exported all certificates to .sst (microsoft serialized certificate store) file

     

    3. Imported the .sst to the problem computer's trusted root certificate store.

     

    Hope these can help you.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 12, 2019 3:39 AM
  • Hi Farena,

    Unfortunately that didn't help. Any thoughts on what would be causing this? 


    -Siva

    Wednesday, June 12, 2019 1:32 PM
  • Hi,

     

    Before we go further, I would like to confirm what driver it is.

     

    Have you ever met this kind of issue before?

     

    See also:https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate

     

    Best regards,

    Farena


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 13, 2019 5:54 AM
  • Hi Farena,

    Thanks for continuing to look at this. It is not one specific driver. the ones that failed are drivers from citrix receiver, imprivata, vmware etc. As you can see these are big names and the installs work fine on other enterprise machines hence i ruled out it being a driver sign issue.

    Error Snippet from "C:\Windows\INF\setupapi.dev.log"

    ####################################################################

    >>>  [Setup Import Driver Package - C:\Program Files (x86)\Imprivata\OneSign Agent\Drivers\RFIDBTLE\rfidbtle.inf]
    >>>  Section start 2019/06/07 14:13:26.784
          cmd: C:\Windows\System32\MsiExec.exe -Embedding CCA6DE91AAE32C5ABAF7FB9AE4B64C71 E Global\MSI0000
         inf: Provider: RF IDeas, Inc.   www.RFIDeas.com
         inf: Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
         inf: Driver Version: 01/19/2017,5.1.2600.0
         inf: Catalog File: rfidbtle.cat
         pol: {Driver package policy check} 14:13:26.799
         pol: {Driver package policy check - exit(0x00000000)} 14:13:26.799
         sto: {Stage Driver Package: C:\Program Files (x86)\Imprivata\OneSign Agent\Drivers\RFIDBTLE\rfidbtle.inf} 14:13:26.799
         inf:      Could not find include INF file "layout.inf". Error = 0x00000002
         inf:      {Query Configurability: C:\Program Files (x86)\Imprivata\OneSign Agent\Drivers\RFIDBTLE\rfidbtle.inf} 14:13:26.815
         inf:           Could not find include INF file "layout.inf". Error = 0x00000002
         inf:           Driver package 'rfidbtle.inf' is configurable.
         inf:      {Query Configurability: exit(0x00000000)} 14:13:26.815
         flq:      Copying 'C:\Program Files (x86)\Imprivata\OneSign Agent\Drivers\RFIDBTLE\rfidbtle.cat' to 'C:\Windows\System32\DriverStore\Temp\{cf84305c-b545-ef46-b5dd-9765552fe63c}\rfidbtle.cat'.
         flq:      Copying 'C:\Program Files (x86)\Imprivata\OneSign Agent\Drivers\RFIDBTLE\rfidbtle.inf' to 'C:\Windows\System32\DriverStore\Temp\{cf84305c-b545-ef46-b5dd-9765552fe63c}\rfidbtle.inf'.
         sto:      {DRIVERSTORE IMPORT VALIDATE} 14:13:26.830
         sig:           {_VERIFY_FILE_SIGNATURE} 14:13:26.877
         sig:                Key      = rfidbtle.inf
         sig:                FilePath = C:\Windows\System32\DriverStore\Temp\{cf84305c-b545-ef46-b5dd-9765552fe63c}\rfidbtle.inf
         sig:                Catalog  = C:\Windows\System32\DriverStore\Temp\{cf84305c-b545-ef46-b5dd-9765552fe63c}\rfidbtle.cat
    !    sig:                Verifying file against specific (valid) catalog failed.
    !    sig:                Error 0x800b010c: A certificate was explicitly revoked by its issuer.
         sig:           {_VERIFY_FILE_SIGNATURE exit(0x800b010c)} 14:13:26.877
         sig:           {_VERIFY_FILE_SIGNATURE} 14:13:26.877
         sig:                Key      = rfidbtle.inf
         sig:                FilePath = C:\Windows\System32\DriverStore\Temp\{cf84305c-b545-ef46-b5dd-9765552fe63c}\rfidbtle.inf
         sig:                Catalog  = C:\Windows\System32\DriverStore\Temp\{cf84305c-b545-ef46-b5dd-9765552fe63c}\rfidbtle.cat
    !    sig:                Verifying file against specific Authenticode(tm) catalog failed.
    !    sig:                Error 0x800b010c: A certificate was explicitly revoked by its issuer.
         sig:           {_VERIFY_FILE_SIGNATURE exit(0x800b010c)} 14:13:26.893
    !!!  sig:           An unexpected error occurred while validating driver package. Catalog = rfidbtle.cat, Error = 0x800B010C
    !!!  sig:           Driver package is considered unsigned, and Code Integrity is enforced.
    !!!  sig:           Driver package failed signature validation. Error = 0xE0000247
         sto:      {DRIVERSTORE IMPORT VALIDATE: exit(0xe0000247)} 14:13:26.893
    !!!  sig:      Driver package failed signature verification. Error = 0xE0000247
    !!!  sto:      Failed to import driver package into Driver Store. Error = 0xE0000247
         sto: {Stage Driver Package: exit(0xe0000247)} 14:13:26.893
    <<<  Section end 2019/06/07 14:13:26.893
    <<<  [Exit status: FAILURE(0xe0000247)]

    >>>  [SetupCopyOEMInf - C:\Program Files (x86)\Citrix\ICA Client\Drivers64\ctxusbm\ctxusbm.inf]
    >>>  Section start 2019/06/07 14:14:16.513
          cmd: "C:\Program Files (x86)\Citrix\ICA Client\Drivers64\usbinst.exe" SetupCopyOEMInf      "C:\Program Files (x86)\Citrix\ICA Client\Drivers64\ctxusbm\ctxusbm.inf"
         inf: Copy style: 0x00000000
         sto: {Setup Import Driver Package: C:\Program Files (x86)\Citrix\ICA Client\Drivers64\ctxusbm\ctxusbm.inf} 14:14:16.544
         inf:      Provider: Citrix Systems Inc.
         inf:      Class GUID: {CF2A3345-050B-41D0-BAF5-CD558EFAAE3B}
         inf:      Driver Version: 09/21/2017,14.9.1000.8
         inf:      Catalog File: ctxusbm.cat
         pol:      {Driver package policy check} 14:14:16.560
         pol:      {Driver package policy check - exit(0x00000000)} 14:14:16.560
         sto:      {Stage Driver Package: C:\Program Files (x86)\Citrix\ICA Client\Drivers64\ctxusbm\ctxusbm.inf} 14:14:16.560
         inf:           {Query Configurability: C:\Program Files (x86)\Citrix\ICA Client\Drivers64\ctxusbm\ctxusbm.inf} 14:14:16.560
         inf:                Driver package 'ctxusbm.inf' is configurable.
         inf:           {Query Configurability: exit(0x00000000)} 14:14:16.576
         flq:           Copying 'C:\Program Files (x86)\Citrix\ICA Client\Drivers64\ctxusbm\ctxusbm.cat' to 'C:\Windows\System32\DriverStore\Temp\{289639c7-86ab-6e44-a10f-b967d9f525c8}\ctxusbm.cat'.
         flq:           Copying 'C:\Program Files (x86)\Citrix\ICA Client\Drivers64\ctxusbm\ctxusbm.inf' to 'C:\Windows\System32\DriverStore\Temp\{289639c7-86ab-6e44-a10f-b967d9f525c8}\ctxusbm.inf'.
         flq:           Copying 'C:\Program Files (x86)\Citrix\ICA Client\Drivers64\ctxusbm\ctxusbm.sys' to 'C:\Windows\System32\DriverStore\Temp\{289639c7-86ab-6e44-a10f-b967d9f525c8}\ctxusbm.sys'.
         sto:           {DRIVERSTORE IMPORT VALIDATE} 14:14:16.623
         sig:                {_VERIFY_FILE_SIGNATURE} 14:14:16.685
         sig:                     Key      = ctxusbm.inf
         sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{289639c7-86ab-6e44-a10f-b967d9f525c8}\ctxusbm.inf
         sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{289639c7-86ab-6e44-a10f-b967d9f525c8}\ctxusbm.cat
    !    sig:                     Verifying file against specific (valid) catalog failed.
    !    sig:                     Error 0x800b010c: A certificate was explicitly revoked by its issuer.
         sig:                {_VERIFY_FILE_SIGNATURE exit(0x800b010c)} 14:14:16.701
         sig:                {_VERIFY_FILE_SIGNATURE} 14:14:16.701
         sig:                     Key      = ctxusbm.inf
         sig:                     FilePath = C:\Windows\System32\DriverStore\Temp\{289639c7-86ab-6e44-a10f-b967d9f525c8}\ctxusbm.inf
         sig:                     Catalog  = C:\Windows\System32\DriverStore\Temp\{289639c7-86ab-6e44-a10f-b967d9f525c8}\ctxusbm.cat
    !    sig:                     Verifying file against specific Authenticode(tm) catalog failed.
    !    sig:                     Error 0x800b010c: A certificate was explicitly revoked by its issuer.
         sig:                {_VERIFY_FILE_SIGNATURE exit(0x800b010c)} 14:14:16.701
    !!!  sig:                An unexpected error occurred while validating driver package. Catalog = ctxusbm.cat, Error = 0x800B010C
    !!!  sig:                Driver package is considered unsigned, and Code Integrity is enforced.
    !!!  sig:                Driver package failed signature validation. Error = 0xE0000247
         sto:           {DRIVERSTORE IMPORT VALIDATE: exit(0xe0000247)} 14:14:16.701
    !!!  sig:           Driver package failed signature verification. Error = 0xE0000247
    !!!  sto:           Failed to import driver package into Driver Store. Error = 0xE0000247
         sto:      {Stage Driver Package: exit(0xe0000247)} 14:14:16.701
         sto: {Setup Import Driver Package - exit (0xe0000247)} 14:14:16.716
    !!!  inf: Failed to import driver package into driver store
    !!!  inf: Error 0xe0000247: A problem was encountered while attempting to add the driver to the store.
    <<<  Section end 2019/06/07 14:14:16.888
    <<<  [Exit status: FAILURE(0xe0000247)]

    ####################################################################



    -Siva

    Thursday, June 13, 2019 1:19 PM
  • Hi there, we have a similar problem, did you ever get a resolution to this?

    -Greg

    Wednesday, July 31, 2019 10:44 AM
  • Also curious if a resolution was ever found for this issue...

    We have small numbers of machines with this issue.


    There's no place like 127.0.0.1

    Thursday, November 7, 2019 6:11 PM
  • Anyone find a resolution? I'm having a similar issue.
    Saturday, December 7, 2019 4:51 AM
  • you could try to verify the certificate store: Sigcheck
    sigcheck64.exe -tuv -nobanner
    Saturday, December 7, 2019 5:53 AM
  • Hi,

    We were able to identify and fix the issue in our company:

    During the importing of the roots.sst certificates (created through certutil.exe -generateSSTFromWU roots.sst) the following certificates ended up being corrupted:

    CDD4EEAE6000AC7F40C3802C171E30148030C072  CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com
    A43489159A520F0D93D032CCAF37E7FE20A8B419  CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.
    8F43288AD272F3103B6FB1428485EA3014C0BCFE  CN=Microsoft Root Certificate Authority 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
    3B1EFD3A66EA28B16697394703A72CA340A05BD5  CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
    7F88CD7223F3C813818C994614A89C99FA3B5247  CN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US
    31F9FC8BA3805986B721EA7295C65B3A44534274  CN=Microsoft ECC TS Root Certificate Authority 2018, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
    06F1AA330B927B753A40E68CDF22E34BCBEF3352  CN=Microsoft ECC Product Root Certificate Authority 2018, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

    Solution was:

    - Deleting these certificates from the certificate store of the affected machines
    - Extracting clean copies of these certificates from the original image
    - Import them through Import-Certificate
    After reboot the error would not appear anymore and we were able to install the newer visual studio applications and also the HP drivers that we were unable to install before.
    22 hours 36 minutes ago