Can't install Fiddler Root Certificate on Windows 2012 R2 (Citrix Image)

2 posts, 0 answers
  1. Sean
    Sean avatar
    1 posts
    Member since:
    May 2019

    Posted 15 May Link to this post

    I have been trying to get Fiddler configured to decrypt HTTPS traffic on a Citrix image.  We need this for diagnostics\troubleshooting an issue we are having.  When I run through the process to Trust the Root Certificate I get the normal SCARY message and when I choose "Yes" I get an error about being unable to configure Windows to Trust the Fiddler Root Certificate.  Here are the details in the log:

    -= Fiddler Event Log =-
    See http://fiddler2.com/r/?FiddlerLog for details.

    07:56:11:3776 Fiddler Running...
    07:56:11:3932 Windows 8+ AppContainer isolation feature detected.
    07:56:17:9514 Assembly 'C:\Program Files (x86)\Fiddler2\CertMaker.dll' was not found. Using default Certificate Generator.
    07:56:17:9514 /Fiddler.CertMaker> Using .‰+˜ for certificate generation; UseWildcards=True.
    07:56:21:2343 DefaultCertMaker: GetRootCertificate() did not find the root in the Windows TrustStore.
    07:56:21:2343 /Fiddler.CertMaker> Caller was in ApartmentState: STA; hopping to Threadpool
    07:56:21:2343 /Fiddler.CertMaker> Invoking CertEnroll for Subject: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com; Thread's ApartmentState: MTA
    07:56:21:2850 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CX509PrivateKey::Create: The profile for the user is a temporary profile. 0x80090024 (-2146893788 NTE_TEMPORARY_PROFILE)
    07:56:24:4304 DefaultCertMaker: GetRootCertificate() did not find the root in the Windows TrustStore.
    07:56:24:4304 !Fiddler.CertMaker> The Root certificate could not be found.
    07:58:00:3753 Setting upstream gateway to none
    07:58:16:7514 DefaultCertMaker: GetRootCertificate() did not find the root in the Windows TrustStore.
    07:58:16:7514 !Fiddler.CertMaker> The Root certificate could not be found.
    07:58:29:0623 DefaultCertMaker: GetRootCertificate() did not find the root in the Windows TrustStore.
    07:58:29:0623 !Fiddler.CertMaker> The Root certificate could not be found.
    08:03:20:0051 DefaultCertMaker: GetRootCertificate() did not find the root in the Windows TrustStore.
    08:03:20:0051 /Fiddler.CertMaker> Caller was in ApartmentState: STA; hopping to Threadpool
    08:03:20:0051 /Fiddler.CertMaker> Invoking CertEnroll for Subject: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com; Thread's ApartmentState: MTA
    08:03:20:0051 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CX509PrivateKey::Create: The profile for the user is a temporary profile. 0x80090024 (-2146893788 NTE_TEMPORARY_PROFILE)
    08:03:39:1731 DefaultCertMaker: GetRootCertificate() did not find the root in the Windows TrustStore.
    08:03:39:1731 !Fiddler.CertMaker> The Root certificate could not be found.
    08:03:46:3336 DefaultCertMaker: GetRootCertificate() did not find the root in the Windows TrustStore.
    08:03:46:3336 /Fiddler.CertMaker> Caller was in ApartmentState: STA; hopping to Threadpool
    08:03:46:3336 /Fiddler.CertMaker> Invoking CertEnroll for Subject: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com; Thread's ApartmentState: MTA
    08:03:46:3336 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CX509PrivateKey::Create: The profile for the user is a temporary profile. 0x80090024 (-2146893788 NTE_TEMPORARY_PROFILE)
    10:06:29:9758 DefaultCertMaker: GetRootCertificate() did not find the root in the Windows TrustStore.
    10:06:29:9758 !Fiddler.CertMaker> The Root certificate could not be found.

  2. Simeon
    Admin
    Simeon avatar
    228 posts

    Posted 21 May Link to this post

    Hello Sean,

    Based on the event log you provided, it seems that the root cause of your problem is that you are logging in with a temporary user profile on the Windows 2012 R2 Citrix image
    CertEnroll::CX509PrivateKey::Create: The profile for the user is a temporary profile. 0x80090024 (-2146893788 NTE_TEMPORARY_PROFILE)

    Going through this Microsoft support forum thread and this article I come to the conclusion that Windows will create a temporary profile when it is unable to read the user profile files. Changes you make to this profile will be lost when you log off. Hence the CertEnroll engine cannot persist the private key of the Fiddler root certificate and throws an exception.

    Regards,
    Simeon
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top