Windows file protection

[Ofer]

hello, each time i reboot my computer, i get the following message: "files
that are required for windows to run properly have been replaced by
unrecognized verion, to maintain system stability windows must restore the
original version of these files. insert your windows 2000 CD now".
when i insert the CD the message disappear, but it comes back after reboot.
any ideas what can it be?
thanks.

 

[neo [mvp outlook]]

Check your event logs for the following entry.

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64033
Date: <OMITTED>
Time: <OMITTED>
User: N/A
Computer: <OMITTED>
Description:
Windows File Protection could not be initialized. The specific error code
is 0xc000000f.

If you see this error, check the local computer certificate store to see if
the Trusted Root Certificates have been deleted or corrupted. These steps
would be...


1) Logon to the workstation with local administrator privileges
2) Select Start | Run
3) Type: MMC
4) OK button
5) Select File | Add/Remove Snap-in
6) Select Add button
7) Pick Certificates
8) Select Computer Account > Next
9) Select Local Computer > Finish
10) Select Close/OK to return to console window
11) Expand Trusted Root Certificate Authorities

Question: Is there a "Certificates" folder under Trusted Root Certificate
Authorities? If yes, continue. If no, then you can stop at this point
because the PKI environment is compromised at this point.

12) Select Certificates folder
13) Do the following "Issued To" certificates exist?

Copyright(c) 1997 Microsoft Corp., Expire: 12-30-1999 Purpose: Time
stamping
Microsoft Authenticode(tm) Root Authority, Expire: 12-31-1999 Purpose:
Secure Email, Code Signing
Microsoft Root Authority, Expire: 12-31-2020 Purpose: ALL
NO LIABILITY ACCEPTED, (c) 97 Verisign Inc., Expire: 1-7-2004 Purpose: Time
Stamping
Verisign Commercial Software Publishers CA, Expire: 1-7-2004 Purpose: Secure
Email, Code Signing
Thawte Timestamping CA, Expire: 12-31-2020 Purpose: Time Stamping

Just so you know, Windows 2000 PKI environment consists of 108 certificates.
The 6 above are core to the operating of Microsoft Windows. While you can
restore them from another machine, you might choose to reinstall because the
other certificates is what helps with "HTTPS" and getting just about any
data encrypted/unecrypted.

 

[Cyberbear]

I've seen this problem on 3 machines in the last 10 days. Is there something
new that is causing this to happen?

Importing the certificate from another windows 2000 box, as suggested in
Microsoft's KB article 296241, does not seem to solve the problem.

 

[neo [mvp outlook]]

What I have found is if you delete (link to 293781 at bottom of yours) the
magic 6 certificates (if they exist), reboot, import, and reboot tends to
work. (working on 10 machines that showed this last week). As for cause,
have no clue as to what caused the entire certificate store to just up and
disappear. Just thought it was odd that I had 10 machines do this last
week. (1 on Mon. 6 on Tues. The rest on Wed.)

/neo

ps - haven't applied january's critical updates... so that is out.

 

[Guest]

I am having the same problem with a users computer. I tried importing the one
certificate it called for in the knowledge base, however it didnt help. Any
ideas where I should start next?

 

[neo [mvp outlook]]

do u have the 6 certificates mentioned in 293781?

 

[Guest]

Just checked the computer. No certificates were present only the one I
imported the other day (NO LIABILITY ACCEPTED from Verisign). So what next?
Import the other 5, the 2000 system I got the other vertificate off of has
about 50. I guess you acquire them over time though right?

 

[Guest]

There are no certificates there except the one I imported the other day. What
next? Import the other 5. Or should it have more also?

 

[neo [mvp outlook]]

the windows 2000 operating system comes with 108 certificates. the magic 6
(yes, get from another and import) is what makes windows and windows only
tick.

 

[Guest]

What about the other 102?

the windows 2000 operating system comes with 108 certificates. the magic 6
(yes, get from another and import) is what makes windows and windows only
tick.

 

[neo [mvp outlook]]

well, the other 102 is what makes the "world" tick. (if the other 102
aren't brought in, then users might see where they get the approve
certificate dialog when visiting https sites. users might see things like
outlook 2003's ability to connect via rpc over https fail.) i have not
found a fast way to restore these certificates.

 

[Guest]

Thanks for your help. I am going to restore those 6 today on the users
computer. I will let you know how it goes. I was going to say you couldnt
impport other certificates (102) from another machine because these are
probably acquired throughout time correct?

 

[neo [mvp outlook]]

Nope. They are installed with the operating system. You could probably
acquire thru time via IE when you get that certificate warning dialog. (You
would have to view the certificate, highlight the CA that certified the web
certificate and install it. However I'm discovering that a user install of
a Trusted Root CA doesn't end up in the local computers trusted root ca.)

 

[Guest]

I imported the 6 must-have certificates and the dialog didn't appear on
reboot. Seems to have fixed the problem. HR Manager was happy!! Thanks for
your help.
Could you import the other 102 Certificates to another computer? Oh and
wonder what caused the HR Managers computer to have all the Trusted Root
Certificates vanish? There were none there.

 

[neo [mvp outlook]]

yes to the first and wish i knew on the second.

I imported the 6 must-have certificates and the dialog didn't appear on
reboot. Seems to have fixed the problem. HR Manager was happy!! Thanks for
your help.
Could you import the other 102 Certificates to another computer? Oh and
wonder what caused the HR Managers computer to have all the Trusted Root
Certificates vanish? There were none there.

 

[Yor Suiris]

Can I pop in here? Anyone still following this thread?
I have similar problem of machine wanting the CD every boot and have read
through this thread.
I have the magic 6, but they are expired. Even in Neo's outline, he shows
all but two of them as pass their date.
Is this important?

 

[neo [mvp outlook]]

believe it or not, i look at older threads that i participate in. near as i
can tell, no. i've taken a vmware session of windows 2000/xp and blown the
entire store away and rebooted. I get WFP. Add the 6 certificates back to
the local computer account's trusted root authority and rebooted and the
dialog is gone. If you have the magic 6, export them, delete them from the
store, reboot, add them back, reboot.)

/neo

ps - and before you ask are mvps weird in doing this... the answer is yes.
pss - there is one other article that walks one thru unregistering/registry
dll files that comprise the pki technology in windows. (let me see if i can
find it... again)

 

[neo [mvp outlook]]

found it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;822798&sd=RMVP

 

[Yor Suiris]

Ok I do believe I have a problem.
Thanks for the feed back I went through the link you offered and I think I
may know where my problem is now, but not what to do next.
I have no Cryptographic Services running on my 2000 machines, at least the 4
I have checked so far (three servers and one WS).
Not only is it not running, but not even listed in the services applet. And
I have no folder named CatRoot2. I have a CatRoot, but no CatRoot2 as the
paper instructs. I do appear to have the DLLs (at least the ones I searched
for).
%Windir% is not hidden.
Unsigned Driver Behaviour is set to silently succeed.
Enable Trusted Publisher lockdown is not enabled.

Although my XPs have it listed and running.

So how does one get the Cryptographic Services installed? And why do I not
have it?
Is this something to do with IE versions? As these machines were originally
setup with IE5 and only recently have we gone to IE6. So I guess the order
of the security updates may be an issue. ???

Ideas???









..

 

[neo [mvp outlook]]

Windows 2000 doesn't have a cryptographic service and i thought the article
mentioned that. :/

Just go thru method 4 of using regsvr32 to unregister/register the files it
mentions. (You won't have a Sccbase.dll file on Windows 2000)

Outside of that, I've never done any of the other methods since certs or
method 4 has cleared up the ones I have run across.