0

Wondering if any of you guys might have some advice; I'm trying to help fix my mom's computer over the phone, and looking for ideas.

Context: my mom bought a laptop second-hand. The laptop is running Windows 7, and only had one (admin) user. The previous owner had the laptop set up so that you had to scan a fingerprint at the lock screen to log in. As my mom could never do that, her only option at the lock screen was to select 'user - locked', which would allow her to log in to a temporary (also admin) profile. As a result, any documents or settings saved, etc., would disappear each time she turned the computer off, as a new profile was generated each time.

To solve this problem, we created a new admin account for her, while logged in to one of those temporary profiles. I thought this would solve the problem. However, when she logged in and tried to use the internet on Chrome, she was met with this error: "Your connection is not private" (specifically, NET::ERR_CERT_AUTHORITY_INVALID). We tried Chrome, Edge, Firefox - all browsers result in similar privacy/certificate errors for all HTTPS sites. There is no 'proceed' option when this occurs in any of the browsers; she is completely blocked. HTTP sites work FINE; she can visit http://example.com, for example. This error does NOT occur in the temporary profile.

I have tried the following: (1) re-synching the clock (2) installing all pending Windows udpates (3) disabling any anti-virus and firewall (4) clearing all browser history and cache (There wasn't any on the new profile anyway) (5) ran sfc /scannow as admin from that profile; no issues. (6) Went through and check for any recently installed programs that could be causing issues; there were none. (7) Checked internet connection; fine. Nothing has worked... I am stumped.

Could this be some sort of permissions issue, where the SSL certificates aren't accessible by the new admin user, because of the fact that the user was created from within a temporary profile? If so, is there any way to fix this? It seems SSL certificates are stored in a variety of locations, so it's not like there's a particular folder I can go to and check the permissions on.

P.S. I know the recommended solution would likely be 'wipe the computer and re-install Windows 7' or 'upgrade to Windows 10', both of which are great solutions, but they really aren't options right now as I'm stepping her through all of this over the phone. I plan to upgrade to Windows 10 when I see her in person, but that will be a while, so I'm trying to fix the existing problem for now.

Bik
  • 25
  • 1
  • 7
  • 1
    Is the date and time set correctly? – Andrew Morton Apr 19 '21 at 12:45
  • 2
    FYI Windows 7 is out of support and is dangerous to use online. Please upgrade to a supported Windows version or install a current Linux ASAP. There's really no point in troubleshooting something that can harm you (your mother) big time. Just don't. – ChanganAuto Apr 19 '21 at 13:01
  • 2
    Why don’t you just reinstall Windows 7? That would solve the browser and user profile problem more than likely – Ramhound Apr 19 '21 at 13:04
  • Date and time are set correctly. As mentioned in the post, I would love to re-install Windows 7, or better yet, upgrade to Windows 10. Unfortunately I'm doing this for my mom remotely, and she has very limited computer skills. If anything goes wrong with those installations, she just won't be able to use the computer anymore. I'm just trying to fix this issue for now, until I can see her in person, at which time I will upgrade to Windows 10 for her. – Bik Apr 19 '21 at 13:19
  • @Bik Have you seen [HTTPS sites not opening in any browser on Windows computer](https://www.thewindowsclub.com/https-sites-are-not-opening-browser)? – Andrew Morton Apr 19 '21 at 13:31
  • @AndrewMorton Thanks for the second response. I did come across that page before actually; I haven't yet tried flushing the dns cache or clearing ssl certs - I was hesitant to do that as I was worried it might mess things up for the working profile. I will try that though. Since the problem is only happening on this profile, I have a feeling it might be something related to the fact that the profile was created via a temp user. I wonder if there's some limitations to creating new profiles from temp users. I don't know too much about Windows 7 unfortunately. – Bik Apr 19 '21 at 13:37
  • If it happens across multiple reputable sites and does not on the old user account then it sounds like the newly created user can't access the local CA (certificate authority) certs on the device. I don't have a Win7 sandbox handy to play around or be able to guide you but I'd take a look at the cert manager tool to see if the trusted root CA certs can be viewed by either user. Running "certmgr.msc" from the run prompt should work on win7. – Gytis Apr 19 '21 at 14:01
  • @Gytis Thank you so much. Actually, while I was posting this question earlier, I had just read about certmg.msc and was trying to mess around with it. I'll get on the phone with her later and step her through running it on that profile. Unfortunately, as she can't access the internet while logged in to that profile, I can't remote desktop to do it. (If i start a remote desktop session from the temp user it just cuts off once I try to switch users). Thanks a lot! – Bik Apr 19 '21 at 14:29
  • @Gytis So I have had her open up certmgr.msc from within the new (problematic) profile. Under 'Trusted Root Certificate Authorities' --> 'Certificates', she does seem to have the normal certificates. I'm totally stumped. Is there a way to see the properties of the certificates themselves (or at least the path to the certs) to verify who has read privileges on them? – Bik Apr 19 '21 at 15:35
  • Just as an update, I have no idea how or why this is working, but I seem to have found a solution. I simply reset Internet Explorer Settings. Going to post the details why, in case anyone stumbles on this in the future. So I had her try this in IE; still she couldn't visit HTTPs sites, but it said it was due to a proxy issue. We ran network diagnostic tool, and it said "port issue (316)". I googled and found this page: https://h30434.www3.hp.com/t5/Notebooks-Archive-Read-Only/port-issue-316/td-p/3238831 . It recommended to reset Internet Explorer Settings. Did that, and like a charm - fixed – Bik Apr 19 '21 at 16:52

1 Answers1

0

A bit late but the answer by OP here: Web browsers say certificates expired or not yet valid, even though the certificate is valid for today's date and system clock is accurate might solve this problem.

Trying to avoid conversion to comment...

Solution: "I downloaded the Windows update "Support for urgent Trusted Root updates for Windows Root Certificate Program in Windows" directly from the Microsoft site, which fixed the problem."

nickpapoutsis
  • 101
  • 2