Cryptographic Service Error!

Now lets read on and try to solve YOUR problem...

Why is this Cryptographic
Service Error happening?

NB - If you get Error codes 126 or 643 then go to the end of this article for more information relating to these specific code errors.

This cryptographic service error issue occurs for one of TWO reasons:

---

You do NOT need to understand
what is happening, just follow these remedies:

---

1) Follow this if - You are trying to install Windows XP Service Pack 1

The first thing is to be aware of is that Microsoft themselves are aware of this issue and have released a fix to the database corruption issue... But more of that in a moment...

First we must just check the Cryptographic Services is actually running on your machine.

Start the Administrative Tools utility in Control Panel. 
Double-click Services. (this will open the services window)
Right-click Cryptographic Services, and then click Properties. 
Click Automatic for Startup type, and then click Start.

You can now try to reinstall Windows XP Service Pack 1

Now try and install again...

If it FAILS again...

Click Start menu, and then click the Run icon. 
In the small box that Opens, type the three letters:  cmd  then click the OK button. 
In the command prompt window that just opened (a black background and white text), type the following commands, pressing the ENTER key on your keyboard after each line: 

net stop cryptsvc
ren %systemroot%\system32\catroot2 oldcatroot2
net start cryptsvc 

Now type exit to close the command prompt window, and then try to install Windows XP Service Pack 1 again. It should now work... You may in some rare instances have to reboot your machine again first, so give this a try if it fails again...

If it FAILS again...

Manually delete the contents of %systemroot%\system32\catroot2 and reboot....

As I said earlier Microsoft are aware of this corruption issue and have made a an update available that can correct this issue. To obtain it visit the Windows Update site and download Q817287: Critical Update (Catalogue Database Corruption in Microsoft Windows), this should correct the corruption problem!

2) Follow this if - You are trying to install a Windows XP Security Patch

I have been surprised at the amount of emails I continue to received on the subject of cryptographic error messages...! Hopefully this will help you.

First we must just check the Cryptographic Services is actually running on your machine.

To do this: 

Start the Administrative Tools utility in Control Panel. 
Double-click Services. (this will open the services window)
Right-click Cryptographic Services, and then click Properties. 
Click Automatic for Startup type, and then click Start.

You can now try to reinstall security patch 823980

If it FAILS again...

Now Try again...

If that fails, try this:

Click Start menu, and then click the Run icon. 
In the small box that Opens, type the three letters:  cmd  then click the OK button. 
In the command prompt window that just opened (a black background and white text), type the following commands, pressing the ENTER key on your keyboard after each line: 

net stop cryptsvc
ren %systemroot%\system32\catroot2 oldcatroot2
net start cryptsvc 

Now type exit to close the command prompt window, and then try to security patch 823980. It should now work... You may in some rare instances have to reboot your machine again first, so give this a try if it fails again...

Manually delete the contents of %systemroot%\system32\catroot2 and reboot....

FAILED again?

Well seems to be happening to a few of you... so lets re-register some DLL files. sounds like fun, eh? Onwards and upwards!

Click Start menu, and then click the Run icon. 
In the small box that Opens, type the three letters:  cmd  then click the OK button. 
In the command prompt window that just opened (a black background and white text), type the following commands, pressing the ENTER key on your keyboard after each line:

net start cryptsvc
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll

Now type the word: exit  and the window will close. Now Reboot and try and reply the Microsoft Patch again...

NB - If you just can not face typing all that in the command line, simply download this batch file I have made and run it on your machine... It will do the typing for YOU!

FAILED yet Again?

 
(The following is ONLY XP Professional - NOT XP Home Edition)

Well, this is going to happen only to a handful of you... I hope!

Without getting too "techie" on you, there is an issue for some Windows XP Professional users where the computers Software Restriction Policy for the Local Computer only allows "Local computer administrators" to select "trusted publishers". This is causing the failure....

This occurs whether the user installing the security patch is an Administrator or not!

This may mean nothing to you and it does not have too.

Here is the work around:

Click Start menu, and then click the Run icon. 
In the small box that Opens, type:  gpedit.msc  then click the OK button. 
In the new windows that opens you will see a menu on the left hand side.
Under Computer Configuration you will see a folder called Windows Settings - double click it.
The new options that appear directly below include Security Settings - double click it.
The new options that appear directly below include Software
Restriction Policies - double click it.
Now on the right hand side of the window you will see an object called Trusted Publishers - double click it and a new window appears.

In this window change the setting under Allow the following users to select trusted publishers to the default which should be End Users.

FAILED yet Again?
 

You're kidding me?

Well, this is the LAST one "up my sleeve" for you...

Thanks to Bill Prentice a Network Administrator from the US for this tip...

It seems that in some patches can be installed with this workaround:

When a patch installs itself it will "unpack" all the files in too a temporary folder on your PC. If the install fails you might just be able to grab the file you need and move it to the folder Windows XP should have put it in...

Here is an example of what I mean.

First look for the following file on your computer:  dberr.txt

Open it and look for the entry that matches the patch number you just tried to install. In this example it is the security patch KB823980

We can clearly see that the security patch KB823980 failed to install because Windows XP claims it could NOT find it...

So we are going to give it a helping hand...

We will do this by copying the KB823980.cat file from the temporary unpack folder at the root of C: AND placing this copy in the C:\WINDOWS\System32\CatRoot folder... PLEASE do not put the copied file in the CatRoot2 folder by mistake!

(If you can not find the KB823980.cat file in this example, you could use the search facility on the start menu..)

Now run the patch again and it should install for you... :-)

---------------

Well that is all the "fix's" I have at the moment - but I do update this page when I hear of ANY more!

This just in:

Please Read:

To stop future cryptographic service corruption issues, make sure you have installed Windows XP Service Pack 1. Then install the specific patch for this issue: 817287: Critical Update (Catalogue Database Corruption in Microsoft Windows)... (please note you MUST have Windows XP SP1 installed!)