Computers running Symantec Endpoint Protection (SEP) client recieve multiple crypt32 errors in the Windows application event log. These errors may or may not occur on systems not running SEP clients.
The following error appears in the Windows Application event log:
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Failed auto update retrieval of third-party root list sequence number from: http: //www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
Error: This operation returned because the timeout period expired.
For more information, see Help and Support Center at http: //support.microsoft.com
This behavior is expected on and Pre-Vista Windows OS ( Windows 2003 R2 and earlier ) SEP clients that do not have access to Microsoft's Windows Update servers. With the release of Windows Vista, Microsoft changed the Windows Security Center (WSC) component to require security software that interacts with the WSC to use new digital signatures. These signatures are included as a part of the Kernel in Windows Vista and newer. Pre-Vista Operating Systems must check the validity of the certificate via Microsoft's Windows Update each time a signed component is executed.
There are several reasons clients may be unable to validate the new certificates. Some environments may be affected by more than one. Known issues which cause this behavior are:
For more information on this issue, see Microsoft document: http://support.microsoft.com/default.aspx?scid=kb;en-US;2253680
To prevent this issue, affected clients will need to either have unrestricted access to Windows Update, or have the "Disable Automatic Root Certificates Update" policy applied in Group Policy
Troubleshooting connectivity issues:
General Internet connectivity issues need to be verified and resolved before this issue can be resolved.
If necessary, ensure all affected systems are able to access Windows Update via their built-in Computer accounts. SYSTEM account proxy settings can be configured through the Windows registry, or Windows Group Policy. Please consult Microsoft Support for further information on available options to configure this Windows setting.
Disabling Automatic Root Certificates Update:
For more information on disabling Automatic Root Certificates Update functionality in Windows, see Microsoft document: http://technet.microsoft.com/en-us/library/cc749503(WS.10).aspx