Endpoint Protection

  • 1.  Several Events ID 8 about crypt32 after installing Symantec Endpoint Protection (SEP)

    Posted Nov 17, 2009 02:26 PM

    Has anyone had this problem before?

    I want to discuss it more and share solutions, 'cause the document at :

    isn't that clear.

    also the MS KB at :

    I want to know what exactly is causing this on my clients:

    Is it SEP11 trying to update its certificate at

    What will happen with clients that do not have Internet access (like some servers, for example) ?

     Removing

    Also on the Symantec KB, from step 4 to 5, there's a procedure for the SEPMs. What exactly does it do?

    Any comments will be appreciated,

    Microsoft Update website using the SYSTEM account which cannot access the proxy ? Why ?
    http://support.microsoft.com/kb/317541
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/1f626f1854285036802574e4002de4c7?OpenDocument


  • 2.  RE: Several Events ID 8 about crypt32 after installing Symantec Endpoint Protection (SEP)

    Posted Nov 17, 2009 02:39 PM
    Please check this info; it is very well addressed:

    https://www-secure.symantec.com/connect/forums/after-install-sep-client-mr5-i-have-receive-all-machine-events-error-crypt32

    I checked your links; they explain the same thing.

    I suppose it should be Symantec Endpoint Protection, not Manager, in steps 4 and 5 of the above-mentioned document.


  • 3.  RE: Several Events ID 8 about crypt32 after installing Symantec Endpoint Protection (SEP)

    Posted Jan 19, 2010 06:18 PM
    I have found the root cause of this issue. No one in Symantec could tell me the root cause; I figured it out for myself in the end. If you are getting Event ID 8 errors in the Event Log after installing SEP, it's because SEP is using a self-signed certificate for client-server communication. Windows attempts to find the trusted root for the certificate, but because the computer account has no proxy set (or no proxy access), the update fails. This is triggered more often after SEP is installed, as SEP keeps trying to use the self-signed certificate.

    1)      Computer account doesn’t have a proxy set, so can’t get out to the Windows Update website
    2)      SEP is using a self signed certificate for client/server communication
    3)      SEP uses the self signed certificate and Windows can’t find a trusted root certification authority
    4)      “Update Root Certificates” component tries to connect to the internet to see if there is a new trusted certificate authority (See Turn off Automatic Root Certificates Update - http://technet.microsoft.com/en-us/library/cc749503(WS.10).aspx )
    5)      Update root certificate doesn’t work as connection times out

    Our solution:

    1)      Turn off the updating of root certificates from the internet via GPO (see http://technet.microsoft.com/en-us/library/cc749503(WS.10).aspx )
    2)      Install root certificates as part of the Windows Updates (this package does the same thing - http://support.microsoft.com/kb/931125 )
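
One way to check on a single client whether the fix described in post 3 has taken effect, as an added example that is not part of the original thread. The function name and the 7-day window are assumptions; the registry value is the one written by the "Turn off Automatic Root Certificates Update" policy, and the script assumes Windows PowerShell 2.0 or later, where `Get-EventLog` is available.

```powershell
# Added example: report crypt32 Event ID 8 activity and the state of the
# "Turn off Automatic Root Certificates Update" policy on the local machine.
function Get-Crypt32RootUpdateStatus {
    param([int]$Days = 7)   # look-back window (assumed default)

    $since = (Get-Date).AddDays(-$Days)

    # Event ID 8 entries logged with source "crypt32" in the Application log.
    # Get-EventLog raises an error when nothing matches, so errors are silenced.
    $events = @(Get-EventLog -LogName Application -Source crypt32 -After $since `
                    -ErrorAction SilentlyContinue |
                Where-Object { $_.EventID -eq 8 } |
                Sort-Object TimeGenerated -Descending)

    # DisableRootAutoUpdate = 1 means the policy is applied on this machine.
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
    $policy = Get-ItemProperty -Path $key -Name DisableRootAutoUpdate `
                  -ErrorAction SilentlyContinue
    $disabled = ($null -ne $policy) -and ($policy.DisableRootAutoUpdate -eq 1)

    $lastTime = $null
    $lastText = $null
    if ($events.Count -gt 0) {
        $lastTime = $events[0].TimeGenerated
        $lastText = $events[0].Message
    }

    # Combine the two observations into a short assessment.
    if ($events.Count -eq 0) {
        $assessment = 'No Event ID 8 from crypt32 in the window.'
    } elseif ($disabled) {
        $assessment = 'Policy is set but events were logged; check whether they predate the policy.'
    } else {
        $assessment = 'Automatic root update is still enabled and failing.'
    }

    New-Object PSObject -Property @{
        Computer               = $env:COMPUTERNAME
        EventCount             = $events.Count
        LastEventTime          = $lastTime
        LastEventMessage       = $lastText
        RootAutoUpdateDisabled = $disabled
        Assessment             = $assessment
    }
}

Get-Crypt32RootUpdateStatus -Days 7 | Format-List
```

With the policy applied, `LastEventTime` should stop advancing after the next Group Policy refresh.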


  • 4.  RE: Several Events ID 8 about crypt32 after installing Symantec Endpoint Protection (SEP)

    Posted Jan 29, 2010 07:16 AM

    I too have been frustrated not knowing what causes the problem in the first place. It's been obvious that it was triggered by SEP11.
    Your conclusion makes perfect sense. Thanks so much for sharing it!