Windows File Protection may not start (296241)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional

This article was previously published under Q296241

SYMPTOMS

When you log on to a Windows 2000-based computer, you may receive the following message from Windows File Protection:
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files.

Insert your Windows 2000 Server CD-ROM now.
When you insert the Windows 2000 CD-ROM, the message box closes.

When you examine the System event log, the following event may be logged:
Source: Windows File Protection
Event ID: 64033
Description: Windows File Protection could not be initialized. The specific error code is 0xc000000f.
When you attempt to use the sfc /scannow command, the command may not work, and you may receive the following error message:
Windows File Protection could not be initiate a scan of protected system files. The specific code is 0x000006ba [The RPC Server is unavailable.].

CAUSE

This behavior can occur if the certificate for VeriSign time stamping has been removed from the computer. This certificate is listed as: "Issued To: No Liability Accepted, (c)97 VeriSign, Inc.".

To determine whether this certificate has been removed from the system, follow these steps:
  1. Locate a Windows 2000-based computer that exhibits these symptoms.
  2. Click Start, click Run, type mmc, and then click OK.
  3. In the Microsoft Management Console, click Console, and then click Add/Remove Snap-in.
  4. In the Add/Remove dialog box, click Add.
  5. Click Certificates, and then click Add.
  6. Click Computer Account, and then click Next.
  7. Click Local Computer, and then click Finish.
  8. Click Close, and then click OK.
  9. In the console tree, double-click Certificates (Local Computer).
  10. Double-click Trusted Root Certificate Authorities, and then click Certificates.
  11. In the details pane, locate the No Liability Accepted certificate. If the certificate is missing, follow the steps in the "Resolution" section to export the certificate from another workstation and import it.

RESOLUTION

To resolve this behavior, the certificate needs to be restored to the original location. To export the certificate from a Windows 2000-based computer, follow these steps:
  1. Locate a Windows 2000-based computer.
  2. Click Start, and then click Run.
  3. In the Open box, type: MMC.
  4. When Microsoft Management Console (MMC) is displayed, click Console, and then click Add/Remove Snap-in.
  5. On the Add/Remove window, click Add.
  6. When the list of available snap-ins are displayed, click Certificates, and then click Add.
  7. Click Computer Account.
  8. Click Next.
  9. Click Local Computer, and then click Finish.
  10. Click Close, and then click OK to close out the Add/Remove Snap-in window.
  11. Under Console Root, double-click Certificates (Local Computer).
  12. Double-click Trusted Root Certificate Authorities, and then double-click Certificates.
  13. In the right pane, the installed certificates are displayed. Scroll down the list until you locate the No Liability Accepted certificate.
  14. Right-click this certificate, click All Tasks, and then click Export.
  15. On the Export Wizard, click Next, click DER encoded Library X.509, and then click Next.
  16. In the File name box, enter a file name to save the file (for example, C:\Cert). A .cer extension is added to the file name.
  17. Transfer this file to the computer that is receiving the error message.
When the file is transferred to the computer that is receiving the error message, follow these steps to import the file:
  1. Click Start, and then click Run.
  2. In the Open box, type: MMC.
  3. When the MMC starts, click Console, and then click Add/Remove Snap-in.
  4. On the Add/Remove Window, click Add.
  5. When the list of available snap-ins are displayed, click Certificates, and then click Add.
  6. Click Computer Account.
  7. Click Next.
  8. Click Local Computer, and then click Finish.
  9. Click Close, and then click OK to close out the Add/Remove Snap-In window.
  10. Under Console Root, double-click Certificates (Local Computer).
  11. Right-click Trusted Root Certificate Authorities, click All Tasks, and then click Import.
  12. On the wizard, click Next, and then locate the file that you transferred from the other computer. (You may have to change the "Files of Type" field to display the X.509 certificates.)
  13. When the file is selected, click Next.
  14. Place the certificate in the Trusted Root Certificate Authorities Store, and then click Next.
  15. Click Finish. A dialog box is displayed that indicates if the import operation had been successful or not.
  16. When the certificate has been transferred, restart the computer, and then observe if the behavior is resolved.

MORE INFORMATION

For more information about Trusted Root certificates, click the following article numbers to view the articles in the Microsoft Knowledge Base:

293781 Trusted root certificates that are required by Windows Server 2003, by Windows XP, and by Windows 2000

222193 Description of the Windows File Protection feature


Modification Type:MinorLast Reviewed:1/27/2006
Keywords:kbenv kberrmsg kbprb KB296241