Constant Certificate Errors (Home Premium)

I noticed that in event viewer I have been getting the following error for taskhostw.exe persistently, beginning just 2 days after I installed Windows on this PC. The error says:
"A certificate has expired. Please refer to the "Details" section for more information." Each of these errors has a unique thumbprint but share the same the same certificate name (F900DF260332AC7F) and the same EKUs and OIDs, which are found in the following screenshot:



According to the timestamps of the events, the first error was 2 days after I installed Windows on this PC. There have been 28 of them in the ~1 year I've had Windows on this PC. Sometimes they happen a day or 2 apart, but I haven't been able to correlate it to anything specific.
--------------------------
In trying to fix this issue I saw I also get constant CAPI2 certificate errors in event viewer too. For example:




I even got one for tenforums.com while writing this post:



If it was just one certificate issue I wouldn't notice or care, but I get these constantly for various Windows processes including Defender and 3rd party programs.

Steps I've tried:
-Made sure Windows is up to date.
-Ran sfc /scannow, DISM CheckHealth, ScanHealth, and RestoreHealth commands.
-I ran a powershell script to search all stores for the thumbprint 99aec08668bd760c46f5b5aadff4f0d5c565f470 (the most recently expired taskhostw.exe thumbprint from the first 2 screenshots) but it found no results.
-(For the CAPI2 errors) I reset my cryptographic services database via:
net stop cryptsvc
ren %systemroot%\System32\catroot2 catroot2.old
net start cryptsvc
-I synced my clock (sometimes when I turn on my pc the time is off by 3 hours) and restarted windows time service
-I restarted the cryptographic service

I've never messed with certificates before so I've had to familiarize myself with the MMC, and it might take me a bit of time to try out any suggestions. With that said does anyone have any ideas how to fix the certificate errors and find out what the mystery certificate that keeps periodically expiring is?

My current version of Windows is: Windows 10 Home 22H2 19045.4412

Thank you!

dalchina said:

Hi, MOBO seems to be from arouund 3 years ago.

Noting your CPU I saw:


Also given your comment

- I would check your BIOS/UEFI is up to date
- there's no issue with your CMOS battery

Have you tweaked services? Are you overclocking?

There is a new bios update, but it's marked as being in beta. Otherwise mine is the latest complete build. But yes, I did update my bios when I upgraded my CPU to a 5600x. I can definitely buy a new battery and see if that fixes these errors. I think right now all my services are default, but I have tweaked them in the past but nothing major, just stuff I don't at all. And no I'm not overclocked.

- - - Updated - - -

Callender said:

Use sigcheck -tv command and see if it flags anything.

How to verify the security of certificates installed in Windows - Spaceclick

Unfortunately I can't get the -tv command to work. Other sigcheck commands work fine.

Same error message regardless the location.

The mystery certificate is called XBL Client IPsec Issuing CA and it expires almost daily.

Not sure what's up with that, but when you google the name of the certificate other people have the same experience so it must just be MS handling that particular cert oddly.

As for sigcheck: I managed to get the command to work by following the guide you posted. When I run the -tv command it doesn't list anything- I don't have any certs not rooted to the MS cert trust list, yet I'm still getting the errors in event viewer saying "A certificate chain processes, but terminated in a root certificate which is not trusted by the trust provider" which I get constantly for pretty much any app I have running, browser, and for core parts of Windows. I even saw one for sigcheck the other day!

As well as this: "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." My clock is synced, time services are running, so I'm not sure what that's about.