cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

BESR 2010 causing CAPI2 errors every backup

Fernando_Vinan-
Level 4

‎07-14-2010 06:47 AM

Hi,

Can someone please tell me why after a clean install BESR 2010 (9.0.1.36.527) onto Windows Server 2008 R2 produces the following CAPI2 errors at the start of every backup? I know it's BESR as the event log states the process involved is "Spsprebkup.exe":

Log Name:      Microsoft-Windows-CAPI2/Operational
Source:        Microsoft-Windows-CAPI2
Date:          14/07/2010 15:12:55
Event ID:      11
Task Category: Build Chain
Level:         Error
Keywords:      Path Discovery,Path Validation
User:          SYSTEM
Computer:      HOMER.myserver.com
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    <EventID>11</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>11</Task>
    <Opcode>2</Opcode>
    <Keywords>0x4000000000000003</Keywords>
    <TimeCreated SystemTime="2010-07-14T13:12:55.670849800Z" />
    <EventRecordID>18</EventRecordID>
    <Correlation />
    <Execution ProcessID="3600" ThreadID="1856" />
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    <Computer>HOMER.myserver.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <CertGetCertificateChain>
      <Certificate fileRef="51C731109CF66DD3F9C55D28A95D9E4DEA12FE97.cer" subjectName="Microsoft Certificate Trust List Publisher" />
      <AdditionalStore>
        <Certificate fileRef="375FCB825C3DC3752A02E34EB70993B4997191EF.cer" subjectName="Microsoft Time-Stamp PCA" />
        <Certificate fileRef="F77A3F82B7C4B3A9D869A93E3335CF1F78BC441E.cer" subjectName="Microsoft Certificate Trust List PCA" />
        <Certificate fileRef="CDD4EEAE6000AC7F40C3802C171E30148030C072.cer" subjectName="Microsoft Root Certificate Authority" />
        <Certificate fileRef="51C731109CF66DD3F9C55D28A95D9E4DEA12FE97.cer" subjectName="Microsoft Certificate Trust List Publisher" />
        <Certificate fileRef="80B9915817340CEE66D71EC27DA5F96EBF8D94D8.cer" subjectName="Microsoft Time-Stamp Service" />
      </AdditionalStore>
      <ExtendedKeyUsage>
        <Usage oid="1.3.6.1.4.1.311.10.3.9" name="Root List Signer" />
      </ExtendedKeyUsage>
      <Flags value="100" CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE="true" />
      <ChainEngineInfo context="user" />
      <CertificateChain chainRef="{CD1BEC21-F2BD-4914-ADD7-4A33AC93ABF0}">
        <TrustStatus>
          <ErrorStatus value="1" CERT_TRUST_IS_NOT_TIME_VALID="true" />
          <InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
        </TrustStatus>
        <ChainElement>
          <Certificate fileRef="51C731109CF66DD3F9C55D28A95D9E4DEA12FE97.cer" subjectName="Microsoft Certificate Trust List Publisher" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" />
          <TrustStatus>
            <ErrorStatus value="1" CERT_TRUST_IS_NOT_TIME_VALID="true" />
            <InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage>
            <Usage oid="1.3.6.1.4.1.311.10.3.9" name="Root List Signer" />
          </ApplicationUsage>
          <IssuanceUsage />
        </ChainElement>
        <ChainElement>
          <Certificate fileRef="F77A3F82B7C4B3A9D869A93E3335CF1F78BC441E.cer" subjectName="Microsoft Certificate Trust List PCA" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" />
          <TrustStatus>
            <ErrorStatus value="0" />
            <InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage>
            <Usage oid="1.3.6.1.4.1.311.10.3.1" name="Microsoft Trust List Signing" />
            <Usage oid="1.3.6.1.4.1.311.10.3.9" name="Root List Signer" />
          </ApplicationUsage>
          <IssuanceUsage />
        </ChainElement>
        <ChainElement>
          <Certificate fileRef="CDD4EEAE6000AC7F40C3802C171E30148030C072.cer" subjectName="Microsoft Root Certificate Authority" />
          <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="4096" />
          <TrustStatus>
            <ErrorStatus value="0" />
            <InfoStatus value="10C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
          </TrustStatus>
          <ApplicationUsage any="true" />
          <IssuanceUsage any="true" />
        </ChainElement>
      </CertificateChain>
      <EventAuxInfo ProcessName="Spsprebkup.exe" />
      <CorrelationAuxInfo TaskId="{A7E8846B-C222-468A-ACF6-27AAD994D867}" SeqNumber="18" />
      <Result value="800B0101">A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</Result>
    </CertGetCertificateChain>
  </UserData>
</Event>

Log Name:      Microsoft-Windows-CAPI2/Operational
Source:        Microsoft-Windows-CAPI2
Date:          14/07/2010 15:12:55
Event ID:      30
Task Category: Verify Chain Policy
Level:         Error
Keywords:      Path Validation
User:          SYSTEM
Computer:      HOMER.myserver.com
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    <EventID>30</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>30</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000001</Keywords>
    <TimeCreated SystemTime="2010-07-14T13:12:55.671849800Z" />
    <EventRecordID>19</EventRecordID>
    <Correlation />
    <Execution ProcessID="3600" ThreadID="1856" />
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    <Computer>HOMER.myserver.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <CertVerifyCertificateChainPolicy>
      <Policy type="CERT_CHAIN_POLICY_BASE" constant="1" />
      <Certificate fileRef="51C731109CF66DD3F9C55D28A95D9E4DEA12FE97.cer" subjectName="Microsoft Certificate Trust List Publisher" />
      <CertificateChain chainRef="{CD1BEC21-F2BD-4914-ADD7-4A33AC93ABF0}" />
      <Flags value="14" CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG="true" CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG="true" />
      <Status chainIndex="0" elementIndex="0" />
      <EventAuxInfo ProcessName="Spsprebkup.exe" />
      <CorrelationAuxInfo TaskId="{A7E8846B-C222-468A-ACF6-27AAD994D867}" SeqNumber="19" />
      <Result value="800B0101">A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</Result>
    </CertVerifyCertificateChainPolicy>
  </UserData>
</Event>

It also happens on Windows 7 system running just the agent,

Cheers,
Fernando


0 Kudos
1 REPLY 1

Phill_Brown
Level 2

‎07-28-2010 09:13 AM

I am also having the same issue. I have a exchange server getting these errors when I run my backup jobs on another server - within one minute of the job start time.

I've installed the certificates it is requesting and still the errors at the start of every backup.
0 Kudos