Event ID 11 — For more details for this event, please refer to the "Details" section

Provider: Microsoft-Windows-CAPI2
Channel: Operational
Level: Error
Collection Priority: Recommended (Microsoft-WEF)
Task: BuildChain
Opcode: Stop

Description

For more details for this event, please refer to the "Details" section.

Message #

For more details for this event, please refer to the "Details" section

Fields #

Name	Description
`CertGetCertificateChain.Certificate`	—
`CertGetCertificateChain.AdditionalStore`	—
`CertGetCertificateChain.ExtendedKeyUsage`	—
`CertGetCertificateChain.Flags`	—
`CertGetCertificateChain.ChainEngineInfo`	—
`CertGetCertificateChain.CertificateChain`	—
`CertGetCertificateChain.EventAuxInfo`	—
`CertGetCertificateChain.CorrelationAuxInfo`	—
`CertGetCertificateChain.Result`	—
`EventWriteData` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-CAPI2",
    "guid": "{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}",
    "event_source_name": "",
    "event_id": 11,
    "version": 0,
    "level": 2,
    "task": 11,
    "opcode": 2,
    "keywords": 4611686018427387907,
    "time_created": "2026-03-13T20:00:05.356343+00:00",
    "event_record_id": 3576,
    "correlation": {},
    "execution": {
      "process_id": 3384,
      "thread_id": 2456
    },
    "channel": "Microsoft-Windows-CAPI2/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "CertGetCertificateChain": {
      "Certificate": {
        "fileRef": "34A2F214EBABF43CA29A70786CAE64B34426AFD5.cer",
        "subjectName": "Microsoft Time-Stamp Service"
      },
      "AdditionalStore": {
        "Certificate": {
          "fileRef": "580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D.cer",
          "subjectName": "Microsoft Windows Production PCA 2011"
        },
        "Certificate_1": {
          "fileRef": "BBD2C438000344F439BFDFE5ABAC3223357CD67F.cer",
          "subjectName": "Microsoft Windows"
        },
        "Certificate_2": {
          "fileRef": "36056A5662DCADECF82CC14C8B80EC5E0BCC59A6.cer",
          "subjectName": "Microsoft Time-Stamp PCA 2010"
        },
        "Certificate_3": {
          "fileRef": "34A2F214EBABF43CA29A70786CAE64B34426AFD5.cer",
          "subjectName": "Microsoft Time-Stamp Service"
        }
      },
      "ExtendedKeyUsage": null,
      "Flags": {
        "value": "4",
        "CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL": "true"
      },
      "ChainEngineInfo": {
        "context": "user"
      },
      "CertificateChain": {
        "chainRef": "{CF25F10C-0EAF-4A4D-9077-D259B9BFF745}",
        "TrustStatus": {
          "ErrorStatus": {
            "value": "1",
            "CERT_TRUST_IS_NOT_TIME_VALID": "true"
          },
          "InfoStatus": {
            "value": "100",
            "CERT_TRUST_HAS_PREFERRED_ISSUER": "true"
          }
        },
        "ChainElement": {
          "Certificate": {
            "fileRef": "34A2F214EBABF43CA29A70786CAE64B34426AFD5.cer",
            "subjectName": "Microsoft Time-Stamp Service"
          },
          "SignatureAlgorithm": {
            "oid": "1.2.840.113549.1.1.11",
            "hashName": "SHA256",
            "publicKeyName": "RSA"
          },
          "PublicKeyAlgorithm": {
            "oid": "1.2.840.113549.1.1.1",
            "publicKeyName": "RSA",
            "publicKeyLength": "4096"
          },
          "TrustStatus": {
            "ErrorStatus": {
              "value": "1",
              "CERT_TRUST_IS_NOT_TIME_VALID": "true"
            },
            "InfoStatus": {
              "value": "102",
              "CERT_TRUST_HAS_KEY_MATCH_ISSUER": "true",
              "CERT_TRUST_HAS_PREFERRED_ISSUER": "true"
            }
          },
          "ApplicationUsage": {
            "Usage": {
              "oid": "1.3.6.1.5.5.7.3.8",
              "name": "Time Stamping"
            }
          },
          "IssuanceUsage": null
        },
        "ChainElement_1": {
          "Certificate": {
            "fileRef": "36056A5662DCADECF82CC14C8B80EC5E0BCC59A6.cer",
            "subjectName": "Microsoft Time-Stamp PCA 2010"
          },
          "SignatureAlgorithm": {
            "oid": "1.2.840.113549.1.1.11",
            "hashName": "SHA256",
            "publicKeyName": "RSA"
          },
          "PublicKeyAlgorithm": {
            "oid": "1.2.840.113549.1.1.1",
            "publicKeyName": "RSA",
            "publicKeyLength": "4096"
          },
          "TrustStatus": {
            "ErrorStatus": {
              "value": "0"
            },
            "InfoStatus": {
              "value": "102",
              "CERT_TRUST_HAS_KEY_MATCH_ISSUER": "true",
              "CERT_TRUST_HAS_PREFERRED_ISSUER": "true"
            }
          },
          "ApplicationUsage": {
            "Usage": {
              "oid": "1.3.6.1.5.5.7.3.8",
              "name": "Time Stamping"
            }
          },
          "IssuanceUsage": {
            "Usage": {
              "oid": "1.3.6.1.4.1.311.76.509.1.1"
            }
          }
        },
        "ChainElement_2": {
          "Certificate": {
            "fileRef": "3B1EFD3A66EA28B16697394703A72CA340A05BD5.cer",
            "subjectName": "Microsoft Root Certificate Authority 2010"
          },
          "SignatureAlgorithm": {
            "oid": "1.2.840.113549.1.1.11",
            "hashName": "SHA256",
            "publicKeyName": "RSA"
          },
          "PublicKeyAlgorithm": {
            "oid": "1.2.840.113549.1.1.1",
            "publicKeyName": "RSA",
            "publicKeyLength": "4096"
          },
          "TrustStatus": {
            "ErrorStatus": {
              "value": "0"
            },
            "InfoStatus": {
              "value": "13C",
              "CERT_TRUST_HAS_NAME_MATCH_ISSUER": "true",
              "CERT_TRUST_IS_SELF_SIGNED": "true",
              "CERT_TRUST_AUTO_UPDATE_CA_REVOCATION": "true",
              "CERT_TRUST_AUTO_UPDATE_END_REVOCATION": "true",
              "CERT_TRUST_HAS_PREFERRED_ISSUER": "true"
            }
          },
          "ApplicationUsage": {
            "any": "true"
          },
          "IssuanceUsage": {
            "any": "true"
          }
        }
      },
      "EventAuxInfo": {
        "ProcessName": "MsSense.exe"
      },
      "CorrelationAuxInfo": {
        "TaskId": "{CF0BD453-CD94-4F51-B22E-F268FB8E1C35}",
        "SeqNumber": "3"
      },
      "Result": {
        "value": "800B0101",
        "Value": "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file."
      }
    }
  },
  "message": ""
}

References #

Microsoft Learn https://learn.microsoft.com/en-us/troubleshoot/windows-server/certificates-and-public-key-infrastructure-pki/event-id-4107-or-event-id-11-is-logged