Page 1 of 1

Root Certificates in windows xp - missing, corrupt etc - fix

PostPosted: Sun Nov 14, 2010 11:26 pm
by Sethioz
= Symptoms and Cause/s =

dont ask, but i deleted root certificates in my xp, results were chaotic. i was unable to run msn (well it ran, but as good as not running, cuz it wasnt functioning at all), zonealarm fucked up, IE didnt work and many other things.
including if you go to "control panel" > "add or remove programs" > "add/remove windows components" and it gives error that cant find this and that.

- in IE you are unable to visit SSL sites (https).
- file validation failed, cannot verifiy the digital signature
- msn messenger does not keep anything in memory and does not login (post error code cuz i forgot it)
- "control panel" > "add or remove programs" > "add/remove windows components" is not accessable (gives error messages)
- not able to run most of microsoft softwares
there's probably a lot more symptoms. in my case, i was not able to use zonealarm (installed one and new installer did not work), msn did not work, add/remove windows components was giving errors

there can be several causes, deleting by accident, virus, trojan, corrupted and unmaintained system..etc.

= FIX =

no specific fix, it has to be done part by part, file by file. here are only steps you want to try, in order to get everything back running.
remember that reinstalling OS will fix all of those issues, but you will lose settings and programs (programs will stay, but you cant run them without reinstalling). so if you have lot of settings and programs you dont want to lose (like me) you will definetly want to go for other steps.

1. Exporting / Importing
- open IE (internet explorer) of if you do not have, open windows explorer (open ANY folder in your pc)
- now in the URL/PATH bar put an internet link >
- this will open my site and windows explorer turns into ie
- in IE, go to "tools" > "internet options" > "content" > "certificates"
- here you can view all your certificates, to make sure you have all, do the same in another computer running same OS (version should not be important)
- export all the certificates from other PC/laptop (to select more than one at once, either hold down CTRL and select or select FIRST one, then hold down shift and select last one, this will select ALL in list, then export).
- make sure to export all certificates from under all tabs, like trusted ..etc
- now in your broken pc, import them back, by using that import button.
- reboot, just to make sure everything takes effect

2. Replacing / Adding .inf and .dll files
- use another computer that has working .inf files and go into /WINDOWS/inf/ directory, copy all files into your broken computer
- use another computer with same working OS, go into WINDOWS/system32/setup/ directory and copy all files into your broken system
- to make sure you are still not missing files, do this:
- go to "control panel" > "add or remove programs" > "add/remove windows components"
- if you are able to open it and see the list, then you are probably not missing any .inf and/or .dll files
- if you get an error, follow the filename in error.
- do a google search for "missingfile.inf" and/or "missingfile.dll" and download them, put them into right directory.
- where missingfile is the filename of the file that you see in the error.
- .dll files go into > /WINDOWS/system32/setup
- .inf files go into > /WINDOWS/inf

3. Registering some .dll files
- the following lines have to be entered into command prompt one by one and pressing enter after each one
- or it is easier to use a .bat (batch) file
- make new file (any, but .txt is best)
- rename it to yourfile.bat
- open yourfile.txt with notepad++ or any other text editor
- paste the following lines into yourfile.bat and save, then exit and then double-click yourfile.bat

Code: Select all
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wuweb.dll
regsvr32 atl.dll
regsvr32 Softpub.dll
regsvr32 Wintrust.dll
regsvr32 Initpki.dll
regsvr32 Mssip32.dll

- follow the popup boxes, if it says error, not found or something similiar (anything else but succeeded), then write down the missing files again.
- if you get no errors, good, you are done.
- if you get missing or somethign like that, do the google search for missingfile.dll again and download them all.
- those missing .dll files will go into "/WINDOWS/system32/" directory.

4. Removing / Renaming "CatRoot2" and restarting "crypthographic services"
- this is SSL specific usually, if you cant operate with SSL connections, but if first 3 did not help, try it.
- control panel
- administrative tools
- services
- find "cryptographic services"
- if its started, stop it (right click for options)
- go into /WINDOWS/system32 and find "CatRoot2"
- rename it to something else (like CatRoot2_bak)
- start cryptographic service again
- if its not started, do same with CatRoot2, then right click "cryptographic services" and "properties"
- startup type should be "automatic"
- now start the service
- you may want to reboot after this or between steps (like when stopping), there is no golden rule, whatever works best for you. sometimes it might work without rebooting, sometimes it might not work at all, its microsoft after all :(

NOTE- if this service is not on automatic or not started, then you have some serious issues.

If you are unable to fix errors, reply here and i will try to find more solutions.
I was able to fix all of my problems, by following those steps.
steps 1 - 3 fixed my issues for good.
DO NOT belive those "experts" who tell you to format or reinstall, everything can be fixed by Sethioz :)

Re: Root Certificates in windows xp - missing, corrupt etc -

PostPosted: Thu Oct 13, 2011 12:15 pm
by margita
I came across this post during my research on the following problem
I am having at the moment:

I am trying to connect a Windows XP, SP3 PC to
a Windows Home Server 2011. I have successfully
connected a number of Win XP, SP3 and Win7 PCs to the server
except this one.

I pinpointed the problem to the PC's inability
to receive a valid digital certificate from the server.

I found this message in the ClientDeploy.log
which says:

Could not establish trust relationship for the SSL/TLS secure
channel with authority ...The channel was closed. The remote
certificate is invalid according to the validation

Whenever I try to connect the PC to the server I get this:

The Server is not available. Try connecting this
computer again, or for more information, see Troubleshoot
connecting computers to the server."

On opening the certificate on the PC I read:
"This certificate has an nonvalid digital signature"

Obviously the PC keeps
getting an invalid certificate from the server
which it shouldn't be getting as the other PCs
are fine. The time and zone are correct
on the PC and the server.

I tried to export and import the certificate and
it didn't work. I tried many other things. Also,
registering the dlls (although I have not tried
all your dlls yet).

So before I try out your measures, I was wondering
if you would be able to comment on this?
I really don't want to reinstall the OS which is what
everyone is recommending.

Thank you,

Re: Root Certificates in windows xp - missing, corrupt etc -

PostPosted: Thu Oct 13, 2011 1:18 pm
by Sethioz
im not exactly microsoft support and i can't remember about it, but reinstalling OS is for noobs or for people who can't bother sovling problems and want to lose all settings. so its a bad idea.

instead what i would try, is install virutal pc or vmware or any other virtual machine software, install that same OS in there and test with that.
its not even necessary to test if you are sure its your current OS that is messed up, so just copy all the root certificates from that OS (installed in virtual) and import them into that broken OS.
in theory, it should solve the issue.

just follow this guide on how to replace or add them.

Re: Root Certificates in windows xp - missing, corrupt etc -

PostPosted: Thu Oct 13, 2011 1:30 pm
by margita
Thank you very much for your reply.

Yes, I would not want to reinstall the OS.
I am quite sure that it is the current OS which is messed up.

I have not tried everything in your guide yet except for exporting
the certificates from the "healthy" PCs which didn't work.
Should I try your guide first?

Also, I am not quite clear about installing the virtual PC.
Do you mean installing it on the PC with the messed up OS?
If so, why would exporting the certificates work this way
if the actual OS is messed up?

Thank you.

Re: Root Certificates in windows xp - missing, corrupt etc -

PostPosted: Thu Oct 13, 2011 1:47 pm
by Sethioz
try this method first, doing these steps somehow fixed my problem.
if you don't know what virtual PC is, then google it. since i don't want to go offtopic explaining what virtual is.

Re: Root Certificates in windows xp - missing, corrupt etc -

PostPosted: Thu Oct 13, 2011 2:20 pm
by margita
Thank you.

Just to make sure, I understand:
are you saying that I should try the guide you outlined in your first post first?

As for the virtual PC, yes, I know what it is and I experimented with it,
although I don't remember much about it now. This means downloading
Virtual PC 2007 onto this Windows XP, SP3 machine and try joining
the PC to the server this way. However, Virtual PC 2007 is for
Windows 7 as far as I know. Also, the running of it is limited
by the amount of RAM and this PC is not exactly endowed with
a lot of memory.

Thank you for your patience.

Re: Root Certificates in windows xp - missing, corrupt etc -

PostPosted: Thu Oct 13, 2011 7:09 pm
by Sethioz
well yes, that's what you should try first.

if you have any other machine to test on .. install it there. it has to be same windows version just to make sure certificates are correct.
try any virtual software, there are many out there.