This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hi,
I'm getting the following event log error from today on couple of Windows Server 2012 R2 Standard systems.
Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 3/2/2021 5:21:06 PM
Event ID: 4107
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: WEB01
Description:
Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: None of the signers of the cryptographic message or certificate trust list is trusted.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-03-02T22:21:06.562672800Z" />
<EventRecordID>42138</EventRecordID>
<Correlation ActivityID="{300E0B91-0820-0000-****-0E302008D701}" />
<Execution ProcessID="440" ThreadID="1768" />
<Channel>Application</Channel>
<Computer>WEB01</Computer>
<Security />
</System>
<EventData>
<Data>http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab</Data>
<Data>None of the signers of the cryptographic message or certificate trust list is trusted.
</Data>
</EventData>
</Event>
Nothing was changed today on the windows side. Automatic updates were turned off. Any fix for this issue, the error is coming continuously.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi ,
For more details about event ID 4107, check if the following article can help with you:
Event ID 4107 or Event ID 11 is logged in the Application log
Best Regards,
Candy
--------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
I think this may be an issue from Microsoft side, because the error was gone without doing anything and got a information message in event viewer like "third-party root list updated". The same happen on all the servers.
because the error was gone without doing anything
Whether everything works fine now?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 27%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETO%3C/text%3E%3C/svg%3E)
Here is you answer you have a rootkit hacker guess what I do also I have had it 4 years no one can help on this on it can use io loop link for internet without service to it at all it in my phone my TV and car.. this is the end of our defenses for America to don't worry about saving money..
So many companies and people have this its unbelievable they just tell people oh you don't have any virus because they can do nothing..