At some point, something I did on my XP Home Edition computer caused
AuthentiCode to break. Since I was still busy installing and configuring
the computer, I am unable to track exactly what broke it.
The symptoms I am getting are as follows: WindowsUpdate fails, stating that
"Your Internet Explorer security settings may be set too high". Changing
the security settings as per Q174360 does not have any effect. The
following entries appear in "Windows Update.log" every time I attempt to run
Windows Update:
2002-08-31 16:47:52 14:47:52 Success IUCTL Starting
2002-08-31 16:48:18 14:48:18 Error IUCTL Digital Signatures
on file C:\Program Files\WindowsUpdate\V4\temp\iuident.cab are not trusted
(Error 0x80096001: A system-level error occurred while verifying trust.)
2002-08-31 16:48:18 14:48:18 Error IUCTL Digital Signatures
on file C:\Program Files\WindowsUpdate\V4\temp\iuident.cab are not trusted
(Error 0x800B0004: The subject is not trusted for the specified action.)
2002-08-31 16:48:18 14:48:18 Error IUCTL Failed to download
iuident.cab from http://windowsupdate.microsoft.com/v4/ to C:\Program
Files\WindowsUpdate\V4\temp (Error 0x800B0004: The subject is not trusted
for the specified action.)
2002-08-31 16:48:18 14:48:18 Success IUENGINE Starting
2002-08-31 16:48:21 14:48:21 Success IUENGINE Shutting down
Further, if I go into Internet Explorer and view any of the trusted root
authorities' certificate, I get the same error message: "A system-level
error occured while verifying trust."
I have searched through quite a few newsgroups and web sites, but have not
been able to find a way around this. The only item I have found that held
any promise was re-installing Internet Explorer (there are published steps
available for accomplishing this on XP) but this did not solve the problem
either.
Does anyone have any idea on how to fix Authenticode so I can use
WindowsUpdate? Would appreciate any constructive feedback.
Jannie Hanekom
See this Microsoft - Article ID Q318378
How to Reinstall or Repair Internet Explorer and Outlook Express in
Windows XP
http://support.microsoft.com/default.aspx?scid=kb;[LN];q318378
I hope at least your I.E. is usable to get to a plain vanilla web site. e.g, it's working.
Some settings you ought to consider changing in order to get around the current problem: But pls notice only 2 points (lines) are an experiment to get you over this episode.
In I. E. Tools >Internet Options > Advanced Tab > (scroll down thru the list)
Under HTTP 1.1 settings --
Use HTTP 1.1 (ON / Selected)
and under Security :
Clear (un-check) the check box next to "Check for server certificate revocation" . ( *OFF* )
Clear (un-check) "Check for publisher's certificate revocation" (*off*) <<-this is the experiment)
Clear (un-check) "Check for signatures on downloaded programs" (* OFF* ) <<-(this too an experiment)
Use SSL 2.0 (ON / selected)
Use SSL 3.0 (ON)
Use TLS 1.0 (ON)
Apply changes.
Internet Explorer > main menu /Tools/Internet Options
Add these 2 entries to list of "Trusted Sites" -- the syntax as follows -- with the * wildcard:
*.windowsupdate.microsoft.com
*download.windowsupdate.com
Security Tab/ click on green icon Trusted Sites/click Sites button, add & apply change(s).
On the SECURITY Tab > Custom level button > recheck all entries under Settings.
Review items that you may have disabled.
The Windows Update site (as do many others) uses scripting, VBS scripting, ActiveX. So be aware to not turn them off.
--
Maurice N
--------------------------------------------------
I did, however, managed to fix the problem. If only I had actually used
some of my experience from a few years of corporate IT, I might have solved
this problem a lot sooner...
An attempted System Restore this afternoon alerted me that a directory in my
user profile ("Application
Data\Microsoft\SystemCertificates\My\Certificates") was "corrupt and
unreadable", despite chkdsk not being able to find anything in previous
troubleshooting attempts.
The basic step of creating another administrative user and testing from that
account confirmed that the problem was user-related. I deleted the original
account and user profile, but the "corrupt" directory is still there, and
will probably remain for the rest of the machine's life.
Problem appears to be solved now, however. I can use Windows Update, all my
Certificates are working properly, and even Norton Antivirus 2002 which gave
a "Permission Denied" error message (seems to use signed components) when
opening, now runs smoothly.
From the number of posts I found on this particular problem (none) I would
guess it is a fairly rare occurence, but creating another user with a fresh
user profile is always a good way to narrow down possible causes of a
problem.
Thanks again for the efforts you guys put in here. Much appreciated.
Jannie
Yes, apparently, yours is one of the rare ones. Kuddos on your analysis & fix.
--
Maurice N
--------------------------------------------------