Patch failure - cryptographic service mentioned. Not the usual solution
From: andrew_webby at hotmail (andrew_webby_at_hotmail.com)
Date: 04/16/04
Date: 16 Apr 2004 05:09:25 -0700
Hi all

I'm sure most of us sysadmins have come across patches failing to
install in XP giving errors regarding the cryptographic service. The
usual catroot2 fix is what we usually turn to first I think. In my
case, only the April security bulletin ones were failing, giving the
usual Cryptographic Service error. There was nothing wrong with the
catroot2 or service entries so that was a no-go.

When I ran the patch via the scheduler service remotely, it dumped
this in the event log:

Windows XP KB828741 installation failed.
The timestamp signature and/or certificate could not be verified or is
malformed.

I eventually traced it down to a group policy that had been
accidentally set:

Computer configuration, Windows, Security, Public Key Policies
Client computers can trust the following certificate stores: was set
to "Enterprise Root Certification Authorities" instead of "Third-party
Certification Authorities and Enterprise Root Certification
authorities".

KB835732 and KB828741 were the ones that were failing on me, previous
patches seemed OK. Maybe something changed at MS end or something, the
way they signed the patches or something, I dunno.

Anyway, posting here for the benefit of anyone else who hits this
problem.
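
A diagnostic for the situation described in the post, as an added example that is not part of the original message: it reports which certificate the package's signing and timestamping chains end at, and whether that certificate sits in the third-party root store that the policy setting excluded. It assumes a Windows system with PowerShell (not a stock 2004-era XP install); the file path is a placeholder and the function name is made up for this example.

```powershell
# Added example. $PatchPath is a placeholder: point it at the failing update package.
param([string]$PatchPath = 'C:\Temp\update-package-placeholder.exe')

# Hypothetical helper: build the chain for one certificate and describe where it ends.
function Get-ChainAnchor {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    if ($null -eq $Certificate) { return $null }
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # No revocation lookups, so the check also works on an isolated machine.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $built = $chain.Build($Certificate)
    # The last element is the highest certificate the chain engine could reach.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        ChainBuilt   = $built
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        TopSubject   = $top.Subject
        # A chain that stops at a non-self-signed certificate never reached a root.
        ReachedRoot  = ($top.Subject -eq $top.Issuer)
        # AuthRoot is the "Third-Party Root Certification Authorities" store.
        InThirdParty = Test-Path "Cert:\LocalMachine\AuthRoot\$($top.Thumbprint)"
    }
}

$sig = Get-AuthenticodeSignature -FilePath $PatchPath
"Signature status: $($sig.Status) - $($sig.StatusMessage)"

foreach ($role in 'SignerCertificate', 'TimeStamperCertificate') {
    $anchor = Get-ChainAnchor $sig.$role
    if ($null -eq $anchor) { "${role}: not present in the signature"; continue }
    "${role}:"
    $anchor | Format-List
    if ($anchor.InThirdParty) {
        "  -> ends at a third-party root; an 'Enterprise Root CAs only' trust policy will not accept it."
    } elseif (-not $anchor.ReachedRoot) {
        "  -> chain did not reach a self-signed root; the issuing root may be missing or excluded."
    }
}
```

Run it once for the signer and timestamp results on an affected machine and once on a machine where the patch installs; a difference in ChainBuilt or ChainStatus between the two points at trust policy rather than at catroot2.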