A certificate chain could not be built to a trusted root authority – Microsoft Visual Studio_.Net Framework Setup & Deployment Tips & Tricks.pdf

(137 KB) Pobierz
This site uses cookies for analytics, personalized content and ads. By continuing to browse this site, you agree to this use.
Learn more
| Developer
Microsoft Visual Studio/.Net Framework Setup & Deployment Tips & Tricks
Search
Sign in
A certificate chain could not be built to a
trusted root authority
Rate this article
★★★★
★★
★★★★★
★★★
Soumitra Mondal
March 28, 2016
0
0
Follow Us
Popular Tags
Visual Studio 2012
visual studio launch
error
New User Logon
Failing with error
“User profile cannot
be loaded” After
Installing Visual
Studio 2013
.Net Framework
required
Microsoft.VC80.CRT
A newer version of
Microsoft Visual
C++ Redistributable
has been detected
on this machine
error 1612
Dependent
Assembly could not
be found
visuals studio 2010
HKEY_CURRENT_USERSoftwareMicrosoftVisualStudio10.0ExtensionManagerEnabledExtensions
User profile cannot
be loaded
Could not create
Shortcut
visual studio new
project
Visual Studio
Slipstream
Visual Studio update
3
package load errors
type="win32"
visual studio
extensions
Visual Studio 2013
system context
Warning 1909
11
Security Update for Microsoft .NET Framework 4.X (KB3135996 or KB3136000) may fail with the below error
message: Installation failed with error code: (0x800B010A), "A certificate chain could not be built to a trusted
root authority."
As per the install log:
C:\65760b35b9bcb98aad5de44ad83b\NDP45-KB3135996.msp Signature could not be verified for NDP45-
KB3135996.msp
No FileHash provided. Cannot perform FileHash verification for NDP45-KB3135996.msp
File NDP45-KB3135996.msp (C:\65760b35b9bcb98aad5de44ad83b\NDP45-KB3135996.msp), failed
authentication(Error = -2146762486). It is recommended that you delete this file and retry setup again.
Failed to verify and authenticate the file -C:\65760b35b9bcb98aad5de44ad83b\NDP45-KB3135996.msp
Please delete the file, C:\65760b35b9bcb98aad5de44ad83b\NDP45-KB3135996.msp and run the package again
According to the CAPI2 event messages inside the log:
                          
                                  <CryptRetrieveObjectByUrlWire>
                                                                                 <URL
scheme="http">http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt </URL>
                                                         
                       <Object type="CONTEXT_OID_CERTIFICATE" constant="1"/>
                                                                                 <Timeout>PT15S</Timeout>
                                                                                 <Flags value="286005"
CRYPT_RETRIEVE_MULTIPLE_OBJECTS="true" CRYPT_WIRE_ONLY_RETRIEVAL="true"
CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL="true" CRYPT_OFFLINE_CHECK_RETRIEVAL="true"
CRYPT_AIA_RETRIEVAL="true" CRYPT_PROXY_CACHE_RETRIEVAL="true"/>
                                                                                 <AdditionalInfo>
                                                                                                      <Action name="NetworkRetrievalTimeout">
                                                                                                                          <Error value="5B4">This operation
returned because the timeout period expired. </Error>
                                                                                                      </Action>
                                                                                 </AdditionalInfo>
                                                                                 <EventAuxInfo ProcessName="Setup.exe"/>
                                                                                 <CorrelationAuxInfo TaskId="{98B7F5D9-09DF-4158-8662-
72272FA6171C}" SeqNumber="9"/>
                                                                                 <Result value="5B4">This operation returned because the
timeout period expired.</Result>
                                                </CryptRetrieveObjectByUrlWire>
This issue occurs when this certificate MicRooCerAut2011_2011_03_22.cer is missing particularly when you
operate in an environment that's disconnected from the Internet or that has a firewall that blocks content from
the following URL:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
This behavior is
due to recent changes to
Microsoft Windows Enforcement of Authenticode Code Signing and Timestamping.
In order to resolve this issue, please try the below steps:
·         Download the certificate
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt 
locally
(Example: C:\Temp)
·         You can use the certmgr.exe utility to add the certificate by using command line. For more information,
see the
Certmgr.exe (Certificate Manager Tool)
topic at MSDN.
·         Open an admin command prompt and run this command:
certmgr.exe /add 
C:\Temp\MicRooCerAut2011_2011_03_22.cer /s /r localMachine root
·         Next try installing the patch KB3135996 or KB3136000
Alternatively, you can download and install KB2813430 and then manage certificates individually:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en 
For more information, see the
Configure trusted roots and disallowed certificates
&
Install a Root Certification
Authority on offline machines
topics at TechNet.
Archives
April 2017 (1)
December 2016 (1)
September 2016 (1)
August 2016 (1)
May 2016 (3)
April 2016 (2)
All of 2017 (1)
All of 2016 (11)
All of 2015 (4)
All of 2014 (11)
All of 2013 (40)
All of 2012 (36)
All of 2011 (16)
All of 2010 (21)
All of 2009 (23)
Comments (11)
Name *
Email *
Website
Post Comment
Adam Austin
April 20, 2016 at 3:39 pm
To install the certificate in the third bullet, you might want to use certutil rather than
certmgr: certutil -addstore root . Cleaner utility in my opinion. Also, if you configure your
systems to be in compliance with DoD STIGs, there is a registry key you will want to check
to see if it is preventing install of .NET patches:
HKU\\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software
Publishing “State” key. If you set this key to be the value required in the .NET 4 STIG, it may
prevent install of patches in a disconnected environment.
Reply
Andi B.
August 11, 2016 at 12:49 pm
You made my day!!
Reply
Andy Newton
April 25, 2016 at 4:16 pm
Worked perfectly.
Reply
Jeremy
July 6, 2016 at 5:28 pm
Thank you. The command above should read with a .crt instead of a .cer.
“certmgr.exe /add C:\Temp\MicRooCerAut2011_2011_03_22.crt /s /r localMachine root”
Reply
David
August 9, 2016 at 9:57 am
Works like a charm! Thank you!
Reply
Edward Tisdale
August 23, 2016 at 7:54 pm
You can also extract the .exe and run the .msp.
[patch.exe] /s /x /b ‘[export path]’ /v ” /qn ”
Then run the [export path].msp.
Reply
asda
October 31, 2016 at 5:57 pm
it works. Thannks!@
Reply
Cristian Stefan
December 17, 2016 at 5:12 pm
Thank you for the solution is working perfectly.
Reply
Racquel Vanzant
March 7, 2017 at 4:04 pm
You have the extension wrong for the cert file!!!
Reply
Hajoutak
March 20, 2017 at 2:00 pm
It was great to get here and at last it worked perfectly
Reply
Privacy
Terms of Use
Trademarks
© 2018 Microsoft

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin