Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Several Events ID 8 about crypt32 after installing Symantec Endpoint ProteSeveral Events ID 8 about crypt32 after installing Symantec Endpoint Protection (SEP)ction (SEP)

Updated: 29 Jul 2010 | 3 comments
FbacchinZF's picture
FbacchinZF
Certified
0 0 Votes
Login to vote

Does anyone had this problem before ?

I want to discuss it more and share solutions, 'cause the document at :

isn't that clear.

also the MS KB at :

I want to know what exactly is causing this on my clients:

Is it SEP11 trying to update it's certificate at

What will happen with clients that do not have Internet access (like some servers, for example) ?

 Removing

Also on Symantec KB, from step 4 to 5, there's a procedure for the SEPM's. What exactly it does ?

Any comments will be appreciated,

Microsoft Update website using the SYSTEM account which cannot access the proxy ? Why ?http://support.microsoft.com/kb/317541http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/1f626f1854285036802574e4002de4c7?OpenDocument

discussion Filed Under:
, , , , , , , ,

Comments

Rafeeq's picture
17
Nov
2009
0 Votes 0
Login to vote
Rafeeq

Hi

Please check this info.. very well addressed

https://www-secure.symantec.com/connect/forums/after-install-sep-client-mr5-i-have-receive-all-machine-events-error-crypt32

checked your links it explains the same

I suppose it should be symatec endpoint protection not manager on steps 4 and 5 in the above mentioned document

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

matt will fix it's picture
19
Jan
2010
0 Votes 0
Login to vote
matt will fix it

I have found the root cause

I have found the root cause of this issue. No one in Symantec could tell me the root cause, I figured it out for myself in the end. If you are getting Event ID 8 errors in the Event Log after installing SEP, its because SEP is using a self-signed certificate for client-server communication. Windows attempts to find the trusted root for the certificate, but because the computer account has no proxy set (or no proxy access), the update fails. This is triggered more often after SEP is installed as SEP keeps trying to use the self signed certificate.

1)      Computer account doesn’t have a proxy set, so can’t get out to the Windows Update website
2)      SEP is using a self signed certificate for client/server communication
3)      SEP uses the self signed certificate and Windows can’t find a trusted root certification authority
4)      “Update Root Certificates” component tries to connect to the internet to see if there is a new trusted certificate authority (See Turn off Automatic Root Certificates Update - http://technet.microsoft.com/en-us/library/cc749503(WS.10).aspx )
5)      Update root certificate doesn’t work as connection times out

Our solution:

1)      Turn off the updating of root certificates from the internet via GPO (see http://technet.microsoft.com/en-us/library/cc749503(WS.10).aspx )
2)      Install root certificates as part of the Windows Updates (this package does the same thing - http://support.microsoft.com/kb/931125 )
GIMTech's picture
29
Jan
2010
0 Votes 0
Login to vote
GIMTech

Thanks Matt!

I too have been frustrated not knowing what causes the problem in the first place. It's been obvious that it was triggered by SEP11.
Your conclusion makes perfect sense. Thanks so much for sharing it!
 

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,921