Windows 10 Audit failures every reboot - Event 5061 - Cryptographic operation. Win 10 Pro 64-bit

  • Thread starter: glnzglnz
Audit failures every reboot - Event 5061 - Cryptographic operation. Win 10 Pro 64-bit version 1803. 4/28/2019


Immediately after every reboot of Win 10 Pro 64-bit version 1803, in Event Viewer, there are between two and four Audit Failures for something related to Cryptography. So my Win 10 machine is insecure? I have run sfc /scannow and Dism /Online /Cleanup-Image /RestoreHealth many times, with no luck. And I hardly even use my Win 10 machine - there are almost no apps on it yet. My actual Win 10 build is 17134.706


Here are the latest five Cryptography-related Audit Failures, from two reboots:


LATEST OF FIVE:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/28/2019 12:27:52 PM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DESKTOP-3#####N
Description:
Cryptographic operation.

Subject:
Security ID: DESKTOP-3#####N\[My user name]
Account Name: [My user name]
Account Domain: DESKTOP-3#####N
Logon ID: 0x3EC24

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: Microsoft Connected Devices Platform device certificate
Key Type: User key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2019-04-28T16:27:52.339705400Z" />
<EventRecordID>19582</EventRecordID>
<Correlation />
<Execution ProcessID="880" ThreadID="948" />
<Channel>Security</Channel>
<Computer>DESKTOP-3#####N</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-3591163430-416291016-3566129944-1001</Data>
<Data Name="SubjectUserName">[My user name]</Data>
<Data Name="SubjectDomainName">DESKTOP-3#####N</Data>
<Data Name="SubjectLogonId">0x3ec24</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">Microsoft Connected Devices Platform device certificate</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>



FOURTH OF FIVE:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/28/2019 12:26:51 PM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DESKTOP-3#####N
Description:
Cryptographic operation.

Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: 0c405d387aba56ba
Key Type: User key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2019-04-28T16:26:51.704606400Z" />
<EventRecordID>19552</EventRecordID>
<Correlation />
<Execution ProcessID="880" ThreadID="1004" />
<Channel>Security</Channel>
<Computer>DESKTOP-3#####N</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-19</Data>
<Data Name="SubjectUserName">LOCAL SERVICE</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e5</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">0c405d387aba56ba</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>

THIRD OF FIVE:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/28/2019 11:29:28 AM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DESKTOP-3#####N
Description:
Cryptographic operation.

Subject:
Security ID: DESKTOP-3#####N\[My user name]
Account Name: [My user name]
Account Domain: DESKTOP-3#####N
Logon ID: 0x3EF94

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: Microsoft Connected Devices Platform device certificate
Key Type: User key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2019-04-28T15:29:28.196237300Z" />
<EventRecordID>19387</EventRecordID>
<Correlation />
<Execution ProcessID="884" ThreadID="928" />
<Channel>Security</Channel>
<Computer>DESKTOP-3#####N</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-3591163430-416291016-3566129944-1001</Data>
<Data Name="SubjectUserName">[My user name]</Data>
<Data Name="SubjectDomainName">DESKTOP-3#####N</Data>
<Data Name="SubjectLogonId">0x3ef94</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">Microsoft Connected Devices Platform device certificate</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>

SECOND OF FIVE:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/28/2019 11:28:27 AM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DESKTOP-3#####N
Description:
Cryptographic operation.

Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: 0c405d387aba56ba
Key Type: User key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2019-04-28T15:28:27.709849300Z" />
<EventRecordID>19363</EventRecordID>
<Correlation />
<Execution ProcessID="884" ThreadID="992" />
<Channel>Security</Channel>
<Computer>DESKTOP-3#####N</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-19</Data>
<Data Name="SubjectUserName">LOCAL SERVICE</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e5</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">0c405d387aba56ba</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>

FIRST OF FIVE:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/28/2019 11:28:27 AM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DESKTOP-3#####N
Description:
Cryptographic operation.

Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: 0c405d387aba56ba
Key Type: User key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2019-04-28T15:28:27.709849300Z" />
<EventRecordID>19363</EventRecordID>
<Correlation />
<Execution ProcessID="884" ThreadID="992" />
<Channel>Security</Channel>
<Computer>DESKTOP-3#####N</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-19</Data>
<Data Name="SubjectUserName">LOCAL SERVICE</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e5</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">0c405d387aba56ba</Data>
<Data Name="KeyType">%%2500</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>

So, what the *** are these, and how do we fix? No guesses - just the real fix.



glnzglnz
☺ In the office, Dell Optiplex 7040 with 8GB RAM, Win 7 Pro 64-bit and Office 2010
☻ At home, Dell Optiplex 7010 with 16GB RAM dual-booting Win 7 Pro 64-bit (now with Office 365 Home) and Win 10 Pro 64-bit
♥ Also still have Dell Optiplex 755 with 4GB RAM with Win XP Pro SP3 (which still gets updates with the POS hack) and Office 2003
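
A triage helper for the events pasted in the post above, as an added example that is not part of the original post: it parses exported Event 5061 XML, decodes the return code (0x80090016 is NTE_BAD_KEYSET, "keyset does not exist") and groups the failures by subject SID and key name. The sample records are constructed, trimmed to the fields used with values copied from the post; the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
NTE_CODES = {  # subset of the NTE_* status codes defined in winerror.h
    0x80090010: "NTE_PERM: access denied",
    0x80090011: "NTE_NOT_FOUND: object was not found",
    0x80090016: "NTE_BAD_KEYSET: keyset does not exist",
}
# Message-table placeholders, mapped to the text the post's rendered events show.
PLACEHOLDERS = {"%%2500": "User key.", "%%2480": "Open Key."}

def parse_5061(xml_text):
    """Extract the triage-relevant fields of one Event 5061 record."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "5061":
        raise ValueError("not an Event 5061 record")
    data = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    code = int(data["ReturnCode"], 16)
    return {
        "record_id": int(root.findtext("e:System/e:EventRecordID", namespaces=NS)),
        "sid": data["SubjectUserSid"],
        "key_name": data["KeyName"],
        "operation": PLACEHOLDERS.get(data["Operation"], data["Operation"]),
        "return_code": NTE_CODES.get(code, f"unknown 0x{code:08X}"),
    }

def summarise(xml_records):
    """Count failures per (sid, key, operation, code), ignoring repeated record IDs."""
    unique = {e["record_id"]: e for e in map(parse_5061, xml_records)}
    return Counter((e["sid"], e["key_name"], e["operation"], e["return_code"])
                   for e in unique.values())

def sample(record_id, sid, key_name):
    """Build a trimmed record (constructed) from field values copied from the post."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>5061</EventID>'
            f'<EventRecordID>{record_id}</EventRecordID></System><EventData>'
            f'<Data Name="SubjectUserSid">{sid}</Data><Data Name="KeyName">{key_name}</Data>'
            '<Data Name="Operation">%%2480</Data><Data Name="ReturnCode">0x80090016</Data></EventData></Event>')

USER_SID = "S-1-5-21-3591163430-416291016-3566129944-1001"
CDP_KEY = "Microsoft Connected Devices Platform device certificate"
SVC = ("S-1-5-19", "0c405d387aba56ba")  # LOCAL SERVICE and its key name
# The five pasted events; EventRecordID 19363 appears twice in the post.
SAMPLES = [sample(19582, USER_SID, CDP_KEY), sample(19552, *SVC), sample(19387, USER_SID, CDP_KEY),
           sample(19363, *SVC), sample(19363, *SVC)]

if __name__ == "__main__":
    for group, count in summarise(SAMPLES).items():
        print(count, *group, sep=" | ")
```

Grouping by record ID first means the repeated record 19363 is counted once, leaving four distinct failures across two key names.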
