Windows Certificate Path Validation - Network Retrieval - x509 Error

EnthusiastXYZ

Limp Gawd
Joined
Jun 26, 2020
Messages
138
I always use secpol.msc to disable Revocation and Network Retrieval for Windows Certificate Path Validation to prevent Windows from contacting ctldl.windowsupdate.com, which it does even when Windows Update is disabled in policy settings and in services.msc. It works fine in Windows 10 1709-1909, but once I clean-install Windows 10 Pro 19043.844, disabling Revocation does not create any problems, but disabling Network Retrieval cuts me off the internet. When I try to use 3rd party DNS resolver, it spits out x509 Certificate error. Re-enabling Network Retrieval fixes the issue, but it also makes Windows contact ctldl.windowsupdate.com. Any ideas why Windows is enforcing Network Retrieval in version 19043.844? For now the best I can do is block ctldl.windowsupdate.com in hosts file and in firewall, but it isn't the most optimal solution.
 

FSCDiablo

Limp Gawd
Joined
Jul 3, 2003
Messages
293
resistance-is-futile-windows-10.png

Sorry can't help, just trolling.
 
Top