Reset corrupt Personal certificate store in Windows 10



  • I've got a user who cannot access her own personal certificate store. It appears to be corrupt. Is there any way short of nuking her profile that will allow me to recreate just this store? I've poked some at the registry, but there doesn't appear to be anything directly related to this in the place I was directed to - HKCU\Software\Microsoft\SystemCertificates\My.

    Any thoughts or questions?



  • What do you mean she can't access it?

    What happens if you run: certmgr.msc
    Then go to Personal > Certificates?



  • There is nothing under Personal. The Certificates folder is not there. When I attempt to import a cert I get a generic error message about the store being full or read only (user is local admin, certmgr was launched with admin rights).



  • @Kelly said in Reset corrupt Personal certificate store in Windows 10:

    There is nothing under Personal. The Certificates folder is not there. When I attempt to import a cert I get a generic error message about the store being full or read only (user is local admin, certmgr was launched with admin rights).

    That's odd. I haven't seen that before.

    If another user logs in to that computer, do they have the same issue?



  • I haven't tried another user. I would be surprised if they experienced the same issue since, I believe, the personal cert store is user specific.

    That said, I'd really rather not rebuild her profile, but I suppose I will if I have to.



  • Try.... certutil -repairstore My ?



  • Are users' personal certificates in AD? What happens if you open certmgr.msc and then check in "Active Directory User Object" > Certificates? Credential Roaming puts them there.



  • @Tim_G said in Reset corrupt Personal certificate store in Windows 10:

    Are users' personal certificates in AD? What happens if you open certmgr.msc and then check in "Active Directory User Object" > Certificates? Credential Roaming puts them there.

    Not there yet. I'm hoping to move that direction, but we're about 90% Mac, so the impetus for centralization hasn't been there.



  • @dafyre said in Reset corrupt Personal certificate store in Windows 10:

    Try.... certutil -repairstore My ?

    I'll give that a whirl.



  • @Kelly said in Reset corrupt Personal certificate store in Windows 10:

    @dafyre said in Reset corrupt Personal certificate store in Windows 10:

    Try.... certutil -repairstore My ?

    I'll give that a whirl.

    Just fiddling with that command on my local box, and it looks like it will only allow me to run against a certificate, not the entire store. There don't appear to be any certs in the personal store currently as the Certificate folder is not there.



  • @Kelly

    Looks like you'll just have to rename the users profile. I don't do it that often but I think it's just a matter of

    • rebooting and logging in as another local admin user

    • renaming the problematic user profile to user.old or something

    • deleting the registry key for that users profile

    • Then finally logging back in as that user, then copying back the users stuff from the user.old profile folder.



  • But you might want to see if the same thing happens first when another user logs in. If so, then it's not a user profile issue most likely.


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.