Do certificates for signing in to Quantum G1100 cause Audit Failures in Win 10 ??
glnzglnz
Contributor - Level 3

There is a long thread here about the problems we are having signing in to our Quantum G1100 routers when we go to 192.168.1.1 --

https://forums.verizon.com/t5/Fios-Internet/Certificate-Error-Router-home-page-hacked-192-168-1-1/td...

Verizon has suggested that we install or permit "self-signed" security certificates generated by our Quantums that our browsers prompt us to install.

But are those self-signed certificates causing a new problem?

On every boot-up of my Win 10 Pro 64-bit (version 1803) PC, in Event Viewer, there are between two and four Audit Failures for something related to Cryptography.  Are those caused by Verizon's self-signed certificates?

I have posted about this Audit Failure problem in detail on MS Technet < HERE > and < HERE >.  HOWEVER, in the second link, a moderator suggested I delete expired security certificates, and I then found two expired certificates generated by my own computer (which I have not yet deleted).  Are those the self-signed certificates generated by the Quantum that Verizon is now requiring?  Are they causing my Audit Failure problem?

And here's another possibility -- the Verizon self-signed certificate is produced by Greenway.  However, I did not find ANY Greenway or Verizon certificates in my existing certificate lists.  Is that causing the Audit Failures?

Do YOU have a Win 10 computer, and did YOU install the Quantum certificates as now required by Verizon?  If yes, please reboot, wait for your PC to settle down, and then go to Event Viewer (Win+R, type eventvwr and then OK and make sure you are in the top left "Event Viewer (Local)").  Are there any Audit Failures?  Please post here.

Thanks.

0 Likes
1 Solution
glnzglnz
Contributor - Level 3

Updating to Win 10 Version 1903 has solved the Audit Failure problem.

Thanks to all here for their patience.

View solution in original post

8 Replies
fzammetti1
Enthusiast - Level 2

I'm not seeing any audit failures from the time of my last system startup (roughly 4 four ago) to now.  In fact, I've never seen a certificate problem at the browser level generate an audit failure in system logs.  Not saying it isn't possible, but it would surprise me honestly.

To be clear, Verizon isn't requiring anyone to install a cert per se, they're just now requiring that you accept the warning the browser throws about it not being issued by a CA because it's self-signed.  This is all happening at the browser level, not even the OS level, and as others have said in various threads about it, it's not an uncommon thing for router OEMs to do.

So, I don't think your audit failures have anything to do with the change Verizon made.  I can't say that with absolute certainty, but it seems unlikely to me.

Looking at the two links you provided, I'm actually thinking you have a bad video driver (which, by the way, is the cause of many, maybe even most, issues on Windows, and they can manifest in some especially odd ways).  I see someone mentioned that already, and I get why they would say it based on the information provided ("Microsoft Connected Devices Platform device certificate" specifically).

Another possibility is a malware infection.  lsass.exe, which you mapped one of the PIDs to, is a core component of Windows related to user logins and account information.  But, it's also a fairly common name to give a nefarious program because of that: it makes most people ignore it since it's "part of Windows".

So, I would definitely do a couple of scans with some antivirus software (and I always like to use more than one and at least one of them launched from a preinstall environment boot disc).  Then I would confirm all your drivers are fully up to date.  I would do all that long before considering the possibility that it's related to the Verizon cert issue (When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth).

glnzglnz
Contributor - Level 3

Hey, fzammetti1 -- Probably wise advice.  Running the first two of a number of anti-virus scans now.  We'll see.

However, the PC does not have any video card - it's Intel HD integrated for graphics.

And I tried to update its driver earlier, only to get "you already have the latest driver".

What other "devices" might my "platform" be connected to that's an issue?  How could I generate a list?

Thanks.

0 Likes
glnzglnz
Contributor - Level 3

fzammetti1 --I ran four deep anti-virus scans yesterday - all clean.

And I don't have a video card.

So what's causing the Audit Failures on bootup if it's not the new self-sign certificates for the Quantom G1100?

Thanks.

0 Likes
glnzglnz
Contributor - Level 3

I did some more digging.

On reboot just now, there were three Audit Failures, Event 5061, for Cryptographic operation, all noting Process ID 888, which is lsass.exe, Local Security Authority Process

So I right-clicked on lsass.exe and looked at its related services, and they are:

Keylso - CNG Key Isolation - running

SamSs - Security Account Manager - running

VaultSvc - Credential Manager - running

Any ideas what this is, or how to fix?

0 Likes
glnzglnz
Contributor - Level 3

Update – in the detailed copies of the Audit Failure messages at the links at my post at the start here, the [Hex number] is associated with my One Drive, as I discovered in the registry.

Is that a clue to the reason for the Audit Failures?

0 Likes
glnzglnz
Contributor - Level 3

 
IMPORTANT NEW INFO:

By checking my logs carefully, I can see that the Audit Failures start on the same day that I upgraded from Win 10 Version 1709 to Version 1803 - this past March 17.

So is this problem baked into 1803?

But why haven't more people been complaining about it?

Still need to know how to fix. Thanks.
 

0 Likes
jonjones1
Legend

@glnz2 wrote:

 
IMPORTANT NEW INFO:

By checking my logs carefully, I can see that the Audit Failures start on the same day that I upgraded from Win 10 Version 1709 to Version 1803 - this past March 17.

So is this problem baked into 1803?

But why haven't more people been complaining about it?

Still need to know how to fix. Thanks.
 


This is more of a windows issue. Not a fios issue. You have made inquiries on http://www.dslreports.com which over there may be of better assistance. 

You have said over there you are using a windows 7/windows 10 dual boot system.

i believe that is your issue. I use windows 10 latest update with no dual boot and my own personal Netgear router with no error messages except for time server updates.

glnzglnz
Contributor - Level 3

Updating to Win 10 Version 1903 has solved the Audit Failure problem.

Thanks to all here for their patience.