Failed extract of third-party root list from auto update cab

Follow up from that post

Failed extract of third-party root list from auto update cab:

Hi Susan,


Thank you for posting!


I also noticed this event error logged on my servers, and have consulted the Dev team. This error has no impact to functionality and no troubleshooting is needed.


Here is the information from the Dev team:


The event log error indicates that the signing certificate for the CTL (certificate trust list) has expired. This was likely caused by the following issue:


The signing certificate for the automatic root update CTL expired on 7/9. We re-signed the CTL with a renewed certificate and published it on Windows Update on 7/7. A valid CTL was available on WU before the signing certificate expired.


However, for any machine that had the older CTL cached, CAPI will first try to use the cached CTL which would result in the error you are seeing. Since the cached CTL does not have a time valid signature, CAPI will retrieve the CTL from WU and obtain the valid CTL. As a result, certificate validation will not be affected but you will see the error being logged due to the cached CTL with an expired signing certificate. Once the updated CTL is retrieved from WU, you will not see this error and no further action will be required for resolving this.


Best regards,

Tony Ma
Partner Online Technical Community
We hope you get value from our new forums platform! Tell us what you think:
This posting is provided “AS IS” with no warranties, and confers no rights

Comments are closed.

Post Navigation