Help get this topic noticed by sharing it on Twitter, Facebook, or email.

WinHttpSendRequestWin32Error::A security error occurred

The Microsoft CAPI2 server automatically updates the Internet Explorer certificates for SSL communications. Sometime over the past 24 hours the service began pushing invalid certificates to customer machines.

You can verify that this the cause by going to Administration Tools/ Event Viewer. Look at the Application Log and filter by Source of CAPI2. You will see a series of messages indicating that the CAPI2 service updated the root certificates with a timestamp that roughly corresponds to the start time of failure.

DBAmp shares the certificate code with the Internet Explorer. With the invalid certificates, both IE and DBAmp will be blocked from accessing https://login.salesforce.com sites.

There are multiple customers with this error. Some customers have reported that the CAPI2 service self corrected the invalid certificates with no intervention around 6 hours after the first update.

Other customers are attempting to remove the invalid certificates but we do not have a procedure that we can recommend at this time.

The issue has been reported to both salesforce.com and microsoft support.

We will post further information for this problem as we work the issue this morning.
2 people have
this problem
+1
Reply
  • It appears that perhaps an intermediate certificate was deleted by the CAPI2 update and this causes the issue.

    First you need to download the required certificates from salesforce. They are available at this link: https://help.salesforce.com/apex/HTVi...

    After downloading the zip, extract the certificates and note the directory location.

    In order to restore the missing certificates you will need access to the Certificate snap-in for MMC. Use the following procedure to install the snap in for the Computer Account:

    1. Click Start, type mmc in the Search programs and files box, and then press ENTER.

    2. On the File menu, click Add/Remove Snap-in.

    3. Under Available snap-ins, double-click Certificates.

    4. Select Computer account, and then click Next.

    5. Click Local computer, and then click Finish.

    To save this console, on the File menu, click Save.

    To install the certificates, do the following:

    1. Expand the Certificates node.
    2. Expand the Trusted Root Certification Authority node.
    3. Right click the Certificates folder and select All Tasks > Import...
    4. The Import wizard will open.
    Use the wizard to import the following certificates from Salesforce.
    Verisign Class 3 Public Primary Certification Authority - G5.crt
    Verisign Class 3 Public Primary Certification Authority - G5.der
    Class 3 Public Primary Certification Authority.crt
    Class 3 Public Primary Certification Authority.der

    After adding the certificates, you must make sure that they can be used for server/client authentication.

    1. Right click on the each of the 'Class 3 Public Primary Certification Authority' and choose Properties. Then make sure both Server Authentication and Client Authentication are checked and press ok. Repeat the process for the second 'Class 3 Public Primary Certification Authority certificate.

    Please add a comment to this support article to indicate the success for your installation or if you encountered the need for additional steps.

    We are working with salesforce to determine why this occurred in the first place.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited sad, anxious, confused, frustrated indifferent, undecided, unconcerned

  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited sad, anxious, confused, frustrated indifferent, undecided, unconcerned

  • Hi Bill, i'm having this issue today. The source link (https://help.salesforce.com/apex/HTVi... ) no longer exists. Could you please help me to find the required certificates?

    Thank you
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited sad, anxious, confused, frustrated indifferent, undecided, unconcerned

  • Let's make sure it is really this issue.

    The other cause of this error message is your own proxy/firewall denying access to the internet. If you remote desktop onto the SQL machine, can you open a browser and complete a login to the salesforce application using the same credentials ?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited sad, anxious, confused, frustrated indifferent, undecided, unconcerned

  • Bill, when I try to load login.salesforce.com the IE shows the blue background, but it never loads the rectangle in the center of the screen to write username and password. Is it clear?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited sad, anxious, confused, frustrated indifferent, undecided, unconcerned

  • Bill, we've found a problem in our firewall. Now dbAmp is working fine again.

    Thank you
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited sad, anxious, confused, frustrated indifferent, undecided, unconcerned