This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEA%3C/text%3E%3C/svg%3E)
Hello,
I want enable the automatic root certificates update on Windows Server 2016 to address an error message given by testconnectivity.microsoft.com
I have only found descriptions for older Windows versions like the following advice by Microsoft for Windows Server 2008. Not surprisingly, there is no "Turn off Automatic Root Certificates Update" entry in the 2016 edition.
- Click Start, and then click Run.
- Type gpedit.msc, and then click OK.
- If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- Double-click Administrative Templates, double-click System, double-click Internet Communication Management, and then click Internet Communication settings.
- Double-click Turn off Automatic Root Certificates Update, click Enabled, and then click OK.
- Close the Local Group Policy Editor.
I have also tried to directly modify the registry value for the respective entry as suggested on several websites. However, also this entry does not exist in Windows Server 2016. I guess it doesn't make sense to create a new entry. It might be even counterproductive and cause further errors.
HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRootD
WORD DisableRootAutoUpdate = ...
I would be thankful for any hint to solve the problem!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
I checked the "automatic root certificates update" from the Local Group Policy on the 2016 server and the 2019 server, both have the entry.
I would recommend you download the administrative admx files and update the one on your server.
https://www.microsoft.com/en-us/download/details.aspx?id=102157
Rename the folder "PolicyDefinitions : in C:\Windows to PolicyDefinitions old ,and create a new folder named PolicyDefinitions then put the files you download into it.
Then check the entries again.
Best Regards,
Hi,
I am checking to see if the problem has been resolved.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,
Thanks a lot, now it works!