Windows for home | Windows 11 | Files, folders, and storage Persistent Spam Eventviewer ID 4176 by Microsoft Windows CAPI2

Jürgen Klose 0 Reputation points
2026-06-19T18:59:01.2633333+00:00

Dear Support-Team,

Since the last securityupdate on the 11.06.26 i get this permanent error:

  <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />

  <EventID Qualifiers="0">4176</EventID>

  <Version>0</Version>

  <Level>2</Level>

  <Task>0</Task>

  <Opcode>0</Opcode>

  <Keywords>0x8080000000000000</Keywords>

  <TimeCreated SystemTime="2026-06-19T18:28:51.0705392Z" />

  <EventRecordID>130227</EventRecordID>

  <Correlation />

  <Execution ProcessID="5824" ThreadID="6384" />

  <Channel>Application</Channel>

  <Computer>K7840CM</Computer>

  <Security />

  </System>

  • <EventData>

  <Data>200</Data>

  <Data>220</Data>

  </EventData>

  </Event>

Is there a known fix? I didn't find anything working yet.

Best regards!

Jurg

Windows for home | Windows 11 | Windows update
0 comments No comments

3 answers

Sort by: Most helpful
  1. Jürgen Klose 0 Reputation points
    2026-06-24T19:29:09.44+00:00

    Protokollname: Microsoft-Windows-CAPI2/Operational

    Quelle: Microsoft-Windows-CAPI2

    Datum: 24.06.2026 16:26:21

    Ereignis-ID: 11

    Aufgabenkategorie:Build Chain

    Ebene: Fehler

    Schlüsselwörter:Path Discovery,Path Validation

    Benutzer: K7840CM\juerg

    Computer: K7840CM

    Beschreibung:

    Für weitere Informationen über dieses Ereignis, wenden Sie sich an den Abschnitt "Details"

    Ereignis-XML:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

    <System>

    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    
    <EventID>11</EventID>
    
    <Version>0</Version>
    
    <Level>2</Level>
    
    <Task>11</Task>
    
    <Opcode>2</Opcode>
    
    <Keywords>0x4000000000000003</Keywords>
    
    <TimeCreated SystemTime="2026-06-24T19:26:21.6886186Z" />
    
    <EventRecordID>1315912</EventRecordID>
    
    <Correlation />
    
    <Execution ProcessID="14100" ThreadID="39340" />
    
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    
    <Computer>K7840CM</Computer>
    
    <Security UserID="S-1-5-21-2437454207-2680868835-166919026-1001" />
    

    </System>

    <UserData>

    <CertGetCertificateChain>
    
      <Certificate fileRef="3D8897BBC39143886F29CB84EC62B408E8315A7A.cer" subjectName="Microsoft Time-Stamp Service" />
    
      <AdditionalStore>
    
        <Certificate fileRef="580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D.cer" subjectName="Microsoft Windows Production PCA 2011" />
    
        <Certificate fileRef="71F53A26BB1625E466727183409A30D03D7923DF.cer" subjectName="Microsoft Windows" />
    
        <Certificate fileRef="36056A5662DCADECF82CC14C8B80EC5E0BCC59A6.cer" subjectName="Microsoft Time-Stamp PCA 2010" />
    
        <Certificate fileRef="3D8897BBC39143886F29CB84EC62B408E8315A7A.cer" subjectName="Microsoft Time-Stamp Service" />
    
      </AdditionalStore>
    
      <ExtendedKeyUsage />
    
      <Flags value="4" CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL="true" />
    
      <ChainEngineInfo context="user" />
    
      <CertificateChain chainRef="{1A0163FB-DEFB-44B6-8EB2-A72B10336086}">
    
        <TrustStatus>
    
          <ErrorStatus value="1" CERT_TRUST_IS_NOT_TIME_VALID="true" />
    
          <InfoStatus value="100" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
    
        </TrustStatus>
    
        <ChainElement>
    
          <Certificate fileRef="3D8897BBC39143886F29CB84EC62B408E8315A7A.cer" subjectName="Microsoft Time-Stamp Service" />
    
          <SignatureAlgorithm oid="1.2.840.113549.1.1.11" hashName="SHA256" publicKeyName="RSA" />
    
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="4096" />
    
          <TrustStatus>
    
            <ErrorStatus value="1" CERT_TRUST_IS_NOT_TIME_VALID="true" />
    
            <InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
    
          </TrustStatus>
    
          <ApplicationUsage>
    
            <Usage oid="1.3.6.1.5.5.7.3.8" name="Zeitstempel" />
    
          </ApplicationUsage>
    
          <IssuanceUsage />
    
        </ChainElement>
    
        <ChainElement>
    
          <Certificate fileRef="36056A5662DCADECF82CC14C8B80EC5E0BCC59A6.cer" subjectName="Microsoft Time-Stamp PCA 2010" />
    
          <SignatureAlgorithm oid="1.2.840.113549.1.1.11" hashName="SHA256" publicKeyName="RSA" />
    
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="4096" />
    
          <TrustStatus>
    
            <ErrorStatus value="0" />
    
            <InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
    
          </TrustStatus>
    
          <ApplicationUsage>
    
            <Usage oid="1.3.6.1.5.5.7.3.8" name="Zeitstempel" />
    
          </ApplicationUsage>
    
          <IssuanceUsage>
    
            <Usage oid="1.3.6.1.4.1.311.76.509.1.1" />
    
          </IssuanceUsage>
    
        </ChainElement>
    
        <ChainElement>
    
          <Certificate fileRef="3B1EFD3A66EA28B16697394703A72CA340A05BD5.cer" subjectName="Microsoft Root Certificate Authority 2010" />
    
          <SignatureAlgorithm oid="1.2.840.113549.1.1.11" hashName="SHA256" publicKeyName="RSA" />
    
          <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="4096" />
    
          <TrustStatus>
    
            <ErrorStatus value="0" />
    
            <InfoStatus value="13C" CERT_TRUST_HAS_NAME_MATCH_ISSUER="true" CERT_TRUST_IS_SELF_SIGNED="true" CERT_TRUST_AUTO_UPDATE_CA_REVOCATION="true" CERT_TRUST_AUTO_UPDATE_END_REVOCATION="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
    
          </TrustStatus>
    
          <ApplicationUsage any="true" />
    
          <IssuanceUsage any="true" />
    
        </ChainElement>
    
      </CertificateChain>
    
      <EventAuxInfo ProcessName="explorer.exe" />
    
      <CorrelationAuxInfo TaskId="{A9AF9C38-4D62-4894-990C-3BCFF4B2F7C6}" SeqNumber="3" />
    
      <Result value="800B0101">Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.</Result>
    
    </CertGetCertificateChain>
    

    </UserData>

    </Event>

    Was this answer helpful?


  2. Jürgen Klose 0 Reputation points
    2026-06-20T17:56:40.7766667+00:00

    Hello,

    i hope that is what you meant me to provide.

    Protokollname: Microsoft-Windows-CAPI2/Operational

    Quelle: Microsoft-Windows-CAPI2

    Datum: 20.06.2026 14:51:19

    Ereignis-ID: 30

    Aufgabenkategorie:Verify Chain Policy

    Ebene: Fehler

    Schlüsselwörter:Path Validation

    Benutzer: SYSTEM

    Computer: K7840CM

    Beschreibung:

    Für weitere Informationen über dieses Ereignis, wenden Sie sich an den Abschnitt "Details"

    Ereignis-XML:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

    <System>

    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
    
    <EventID>30</EventID>
    
    <Version>0</Version>
    
    <Level>2</Level>
    
    <Task>30</Task>
    
    <Opcode>0</Opcode>
    
    <Keywords>0x4000000000000001</Keywords>
    
    <TimeCreated SystemTime="2026-06-20T17:51:19.5508576Z" />
    
    <EventRecordID>406746</EventRecordID>
    
    <Correlation ActivityID="{Removed PII}" />
    
    <Execution ProcessID="1920" ThreadID="25312" />
    
    <Channel>Microsoft-Windows-CAPI2/Operational</Channel>
    
    <Computer>Removed PII</Computer>
    
    <Security UserID="Removed PII" />
    ```  </System>
    
      <UserData>
    
    ```xml
    <CertVerifyCertificateChainPolicy>
    
      <Policy type="CERT_CHAIN_POLICY_MICROSOFT_ROOT" constant="7" />
    
      <Certificate fileRef="753064BFCBAEBF221B0F61CC379E2A974CABC92C.cer" subjectName="userpresence.xboxlive.com" />
    
      <CertificateChain chainRef="{11B238FC-8871-4BBD-9B8B-2D1F16A2EC61}" />
    
      <Flags value="0" />
    
      <Status chainIndex="0" elementIndex="3" />
    
      <EventAuxInfo ProcessName="lsass.exe" />
    
      <CorrelationAuxInfo TaskId="{6A124BF8-2060-476A-BCD5-09E3FC3ABD00}" SeqNumber="1" />
    
      <Result value="800B0109">Eine Zertifikatkette wurde zwar verarbeitet, endete jedoch mit einem Stammzertifikat, das beim Vertrauensanbieter nicht als vertrauenswürdig gilt.</Result>
    
    </CertVerifyCertificateChainPolicy>
    ```  </UserData>
    
    </Event>
    

    Was this answer helpful?


  3. Carl-L 16,755 Reputation points Microsoft External Staff Moderator
    2026-06-20T09:34:20.8033333+00:00

    Hello Jürgen Klose,

    Welcome to Microsoft Q&A forum.

    CAPI2 Event ID 4176 is often associated with cryptographic/PFX certificate processing failures, but the exact cause depends on the message, so with this. I cannot be sure what is happening with this. Before we proceed further, can you please try to expand the logs and let me know the details?

    I'm waiting for your reply.

    Was this answer helpful?


Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.