none
certutil -syncWithWU = Access denied RRS feed

  • Question

  • Hi!

    d:\cert>certutil -generateSSTFromWU WURoots.sst
    Access is denied. 0x80070005 (WIN32: 5) -- authrootstl.cab
    CertUtil: -generateSSTFromWU command FAILED: 0x80070005 (WIN32: 5)
    CertUtil: Access is denied.

    d:\cert>certutil -syncWithWU d:\cert
    Access is denied. 0x80070005 (WIN32: 5) -- authrootstl.cab
    CertUtil: -syncWithWU command FAILED: 0x80070005 (WIN32: 5)
    CertUtil: Access is denied.

    Why?

    Win7 and Win 10 (x64, not a server). Running from elevated CMD. Tried disabling UAC -> no changes.

    Sunday, January 13, 2019 3:19 PM

All replies

  • Make sure if you have write permissions in d:\cert folder.

    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell File Checksum Integrity Verifier tool.

    Sunday, January 13, 2019 5:54 PM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 18, 2019 6:24 AM
    Moderator
  • I have Full (default) access permissions to that folder.

    C:\Windows\system32>icacls d:\cert
    d:\cert BUILTIN\Администраторы:(I)(F)
            BUILTIN\Администраторы:(I)(OI)(CI)(IO)(F)
            NT AUTHORITY\система:(I)(F)
            NT AUTHORITY\система:(I)(OI)(CI)(IO)(F)
            NT AUTHORITY\Прошедшие проверку:(I)(M)
            NT AUTHORITY\Прошедшие проверку:(I)(OI)(CI)(IO)(M)
            BUILTIN\Пользователи:(I)(RX)
            BUILTIN\Пользователи:(I)(OI)(CI)(IO)(GR,GE)

    Translation:

    System - Full

    Administrators - Full

    Users - RX

    Also, I find nothing strange in ProcMon output like Access denied errors in file or registry operations.


    HiJackThis Fork development team


    • Edited by Dragokas Friday, January 18, 2019 5:36 PM added about ProcMon
    Friday, January 18, 2019 3:03 PM
  • No, my issue is not resolved.

    HiJackThis Fork development team

    Friday, January 18, 2019 3:03 PM
  • Hi,

    Please check if the following link is helpful.

    https://social.technet.microsoft.com/Forums/en-US/f3b322ec-a6d1-4df7-a46a-ab53f473d275/win32-5-erroraccess-denied?forum=winserversecurity

    Hope above information could help.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 23, 2019 6:22 AM
    Moderator
  • Hi, thank you.

    It is not a server. So I don't have ADSIEdit.msc to manage permissions.

    I found similar branch in GPO:
    (Computer Configuration, Windows Settings, Security Settings, Public Key Policies GPO)
    But I don't see there an option to manage permissions like in the above topic.

    And I don't know what is mean "CA management tool".
    I didn't change settings myself before the problem occurs.



    HiJackThis Fork development team

    Wednesday, January 23, 2019 12:00 PM
  • Hello,

    This is a note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.

    If you have any updates during this process, please feel free to let me know.

    Thank you for your understanding and support.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 29, 2019 6:20 AM
    Moderator
  • Hi,

    Please help to collect the following information.

    1.How many servers cannot run this command?

    2.Does this command is run as an administrator?

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 4, 2019 6:16 AM
    Moderator
  • 1) Noone. This command run on two separate workstation machines:

     - x64 Windows 7 (Ultimate), 6.1.7601.24334, Service Pack: 1 (all windows updates)

     - x64 Windows 10 (Pro), 10.0.17134.407 (ReleaseId: 1803) (VMWare).

    2) Yes, see the 1-st post.


    HiJackThis Fork development team

    Monday, February 4, 2019 11:49 AM
  • Hi,

    If you use sharing path like \\, could you run the command successfully?

    Best regards,

    Kallen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 25, 2019 2:29 AM
    Moderator
  • Was this ever resolved? Please tell me how, I need it, too.
    Friday, March 29, 2019 1:10 PM