Windows 10 Code Integrity and Cryptographic problems, EventID: 513

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object

The Code Integrity component of Windows enforces the requirement that kernel-mode drivers be signed in order to load. Windows always generate Code Integrity operational events and optionally will generate additional system audit events and verbose diagnostic events that provide information about the status of driver signing.
The Code Integrity operational log includes warning events that indicate that a kernel-mode driver failed to load because the driver signature could not be verified. Signature verification can fail for the following reasons:
An administrator preinstalled an unsigned driver, but Code Integrity subsequently blocked loading the unsigned driver.
The driver is signed, but the signature is invalid because the driver file has been altered.
The system disk device might have device errors when reading the file for the driver from bad disk sectors.
For more information: https://msdn.microsoft.com/en-us/library/windows/hardware/ff539911(v=vs.85).aspx

Solution:
Run In Elevated Command Prompt:

dism /online /cleanup-image /restorehealth
sfc /scannow
powershell
Get-AppXPackage -AllUsers |Where-Object {$_.InstallLocation -like "*SystemApps*"} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

Renewing SBS2011 Exchange Self-Signed Certificate

In SBS2011:

  1. Open Exchange Management Console > navigate to Server Configuration and review the Certificates in the right panel
  2. Identify the certificate that has expired (take note of the subject name and the services)
  3. Start ExMngmtnShell as Administrator
  4. type Get-ExchangeCertificate to list the installed certificates
  5. Match the certificate to the expired certificate (using subject the name and services) from the Console then copy the associated thumbprint
  6. Type Get-ExchangeCertificate –Thumbprint INSERTTHUMBPRINTHERE | New-ExchangeCertificate
  7. Remove the old expired certificate either from the Console or from the Shell using Remove-ExchangeCertificate -Thumbprint INSERTTHUMBPRINTHERE

Note: I had to restart the server for the certificate to take effect.