Symptom:
When you try to download an ActiveX control, install an update to Windows or to a Windows component, install a service pack for Windows or for a Windows component, or install a Microsoft or third-party software program, you may experience one or more of the following symptoms:
Digital Signature Not Found
The Microsoft digital signature affirms that software has been tested with Windows and that the software has not been altered since it was tested.
The software you are about to install does not contain a Microsoft digital signature. Therefore, there is no guarantee that this software works correctly with Windows.
Name of software package
If you want to search for Microsoft digitally signed software, visit the Windows Update Web site at http://windowsupdate.microsoft.com to see if one is available.
Do you want to continue the installation?
If you click More Info, you receive the following message:
Microsoft Windows
The signature on the software package you want to install is invalid. The software package is not signed properly.
After you click OK in the first error message dialog box, you may receive a message that states that the installation was successful, or you may receive the following error message:
Name of Update Package
The cryptographic operation failed due to a local security option setting.
When you try to install an update or to install a service pack, you may receive an error message that is similar to one of the following:
Name of Update Package
Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer.
Failed to install catalog files.
The software you are installing has not passed Windows Logo testing to verify its compatibility with Windows XP. (Tell me why this testing is important.)
This software will not be installed. Contact your system administrator.
The software you are installing has not passed Windows Logo testing to verify its compatibility with this version of Windows. (Tell me why this testing is important.)
Service Pack 1 Setup could not verify the integrity of the file. Make sure the Cryptographic service is running on this computer
INF Install failure. Reason: The timestamp signature and/or certificate could not be verified or is malformed.
The software has not passed Windows logo testing and will not be installed.
When you examine the %systemroot%\Windowsupdate.log file, you may see an entry for one of the following errors:
The Svcpack.log file may contain entries that are similar to the following:
937.406: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.scw.cat with error 0x57
937.437: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.scw.cat with error 0x80092004
940.344: InstallSingleCatalogFile: MyInstallCatalog failed for Tmp.0.scw.cat; error=0xfffffbfe.
940.344: DoInstallation:MyInstallCatalogFiles failed:STR_CATALOG_INSTALL_FAILED
955.125: UnRegisterSpuninstForRecovery, failed to delete SpRecoverCmdLine value, error 0x2
955.125: DoInstallation: Failed to unregistering spuninst.exe for recovery.
962.656: DeRegistering the Uninstall Program -> Windows Server 2003 Service Pack, 0
962.656: Failed to install catalog files.
1448.406: Message displayed to the user: Failed to install catalog files.
1448.406: User Input: OK
1448.406: Update.exe extended error code = 0xf01e
1448.406: Update.exe return code was masked to 0x643 for MSI custom action compliance
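Added example (not part of the original article and not Microsoft code): a small Python triage script that parses Svcpack.log entries in the format shown above, pulls out the catalog files and error codes, and reports whether the log matches the catalog-install failure described here. The function names parse_svcpack and summarize are hypothetical, and the code meanings come from the Windows SDK header winerror.h, not from this article; it also copes with two entries run together on one line.

```python
import re

# Meanings taken from the Windows SDK headers (winerror.h); codes not listed
# here are reported as "unmapped" rather than guessed.
KNOWN_CODES = {
    0x2: "ERROR_FILE_NOT_FOUND",
    0x57: "ERROR_INVALID_PARAMETER",
    0x643: "ERROR_INSTALL_FAILURE",
    0x80092004: "CRYPT_E_NOT_FOUND",
}
# One entry = "<seconds>.<ms>: <message>"; the lookahead also splits two
# entries that were written (or pasted) onto a single line.
ENTRY = re.compile(r"(\d+\.\d{3}): (.*?)(?=\s\d+\.\d{3}: |$)")
HEX_CODE = re.compile(r"0x[0-9a-fA-F]+")
CAT_FILE = re.compile(r"[\w.]+\.cat\b", re.IGNORECASE)
FAILURE_MARKERS = ("STR_CATALOG_INSTALL_FAILED", "Failed to install catalog files")

def parse_svcpack(text):
    """Return one dict per log entry: time, message, numeric error codes."""
    entries = []
    for line in text.splitlines():
        for ts, msg in ENTRY.findall(line.strip()):
            codes = [int(h, 16) for h in HEX_CODE.findall(msg)]
            entries.append({"time": float(ts), "msg": msg, "codes": codes})
    return entries

def summarize(entries):
    """Condense entries into the facts needed to match this article's symptom."""
    codes = sorted({c for e in entries for c in e["codes"]})
    return {
        "catalog_failure": any(m in e["msg"] for e in entries for m in FAILURE_MARKERS),
        "catalog_files": sorted({f for e in entries for f in CAT_FILE.findall(e["msg"])}),
        "codes": {f"0x{c:x}": KNOWN_CODES.get(c, "unmapped") for c in codes},
    }

# Sample input: entries copied from the Svcpack.log excerpt above; the second
# line deliberately keeps two entries fused together.
SAMPLE = r"""
937.406: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.scw.cat with error 0x57
937.437: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.scw.cat with error 0x80092004 940.344: InstallSingleCatalogFile: MyInstallCatalog failed for Tmp.0.scw.cat; error=0xfffffbfe.
940.344: DoInstallation:MyInstallCatalogFiles failed:STR_CATALOG_INSTALL_FAILED
1448.406: Update.exe return code was masked to 0x643 for MSI custom action compliance
"""

if __name__ == "__main__":
    for key, value in summarize(parse_svcpack(SAMPLE)).items():
        print(key, value)
```

A result with catalog_failure set and Tmp.*.cat among the catalog files corresponds to the leftover temporary catalogs that Method 3 removes from the CatRoot folder.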
Cause:
This problem may occur if one or more of the following conditions are true:
The Unsigned non-driver installation behavior Group Policy setting (Windows 2000 only) is set to Do not allow installation or Warn but allow installation, or the Policy binary value is not set to 0 in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing
You are installing Internet Explorer 6 SP1, and the 823559 (MS03-023) security update is installed. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
828031 "The software you are installing has not passed Windows Logo testing..." error message when you try to install Internet Explorer 6 Service Pack 1
Resolution:
To resolve this problem, use the following methods. After you perform the steps in each method, test to see whether the problem is resolved before you go on to the next method. If the problem is resolved by any method, you do not have to use the remaining methods.
Method 1: Rename the Edb.log file
Rename the Edb.log file, and then try to install the program again. To rename the Edb.log file, follow these steps:
At the command prompt, type the following command, and then press ENTER:
ren %systemroot%\system32\catroot2\Edb.log *.tst
Method 2: Set Cryptographic Services to automatic
Set the Cryptographic Services to Automatic, and then try to install the program again. To set the Cryptographic Services to Automatic, follow these steps:
Note: Windows 2000 does not list Cryptographic Services in the SERVICES Administrative Utility.
Method 3: Rename the Catroot2 folder
Rename the Catroot2 folder (Windows XP and Windows Server 2003 only), and then try to install the program again.
Note: Skip this method if the operating system is Windows 2000.
To rename the Catroot2 folder, follow these steps:
At the command prompt, type the following commands, and then press ENTER after each line:
net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc
exit
Remove all tmp*.cat files from the following folder:
%systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
If no files that start with tmp exist in this folder, do not remove any other files. The .cat files in this folder are necessary for installing hotfixes and service packs.
Important: Do not rename the Catroot folder. The Catroot2 folder is automatically recreated by Windows, but the Catroot folder is not recreated if the Catroot folder is renamed.
Method 4: Reregister DLL files that are associated with Cryptographic Services
To register .dll files that are associated with Cryptographic Services, follow these steps:
At the command prompt, type the following commands, and press ENTER after each command:
regsvr32 /u softpub.dll
regsvr32 /u wintrust.dll
regsvr32 /u initpki.dll
regsvr32 /u dssenh.dll
regsvr32 /u rsaenh.dll
regsvr32 /u gpkcsp.dll
regsvr32 /u sccbase.dll
regsvr32 /u slbcsp.dll
regsvr32 /u mssip32.dll
regsvr32 /u cryptdlg.dll
exit
Note: Click OK if you are prompted.
Note: Microsoft Windows 2000 does not include the Sccbase.dll file. If you are running a version of Windows 2000, omit the Sccbase.dll file.
At the command prompt, type the following commands, and press ENTER after each command:
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 mssip32.dll
regsvr32 cryptdlg.dll
exit
Note: Click OK if you are prompted.
Note: Microsoft Windows 2000 does not include the Sccbase.dll file. If you are running a version of Windows 2000, omit the Sccbase.dll file.
Method 5: Remove the hidden attribute from %Windir% and from its subfolders
At the command prompt, type the following commands, pressing ENTER after each line:
attrib -s -h %windir%
attrib -s -h %windir%\system32
attrib -s -h %windir%\system32\catroot2
exit
Method 6: Set non-driver signing policy to silently succeed
If you are running a version of Windows 2000, set the Unsigned non-driver installation behavior Group Policy setting to Silently succeed. This Group Policy setting is located under Computer Configuration, under Windows Settings, under Security Settings, under Local Policies, under Security Options in the Group Policy MMC snap-in. If you are running Windows XP or a later version of Windows, this Group Policy setting is no longer supported. In this case, follow these steps to resolve this problem:
Locate, and then click the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing
The Value data will appear in the following format:
0000 02
Press DELETE to remove the current value (02 in this example), and then type 0 (the current value will now appear as 00).
Method 7: Temporarily turn off Trusted Publishers Lockdown and install the appropriate certificates to your trusted publishers certificate store
You can continue to use the Enable trusted publisher lockdown Group Policy setting, but you must first add the appropriate certificates to your Trusted Publishers certificate store. To do this, turn off the Enable trusted publisher lockdown Group Policy setting, install the appropriate certificates in your Trusted Publishers certificate store, and then turn the Enable trusted publisher lockdown Group Policy setting back on. To install the appropriate certificate for Microsoft Windows and Microsoft Internet Explorer product updates, follow these steps:
Download the Microsoft product update that you want to install from the Microsoft Download Center, from the Windows Update Catalog, or from the Microsoft Update Catalog. For more information about how to download product updates from the Microsoft Download Center, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from Online Services?
For more information about how to download product updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:
323166 How to download updates that include drivers and hotfixes from the Windows Update Catalog?
Method 8: Verify the status of all certificates in the certification path and import missing or damaged certificates from another computer
To verify certificates in the certificate path for a Windows or Internet Explorer product update, follow these steps:
Step 1: Verify Microsoft certificates
On the Certification Path tab, verify that either This certificate has expired or is not yet valid or This certificate is OK appears under Certificate Status.
Note: Although this certificate is expired, the certificate will continue to work. The operating system may not work correctly if the certificate is missing or revoked. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
293781 Trusted root certificates that are required by Windows 2000, by Windows XP, and by Windows Server 2003
On the Certification Path tab, verify that This certificate is OK appears under Certificate Status.
Note: Although this certificate is expired, the certificate will continue to work. The operating system may not work correctly if the certificate is missing or revoked. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
293781 Trusted root certificates that are required by Windows 2000, by Windows XP, and by Windows Server 2003
Step 2: Import missing or damaged certificates
If one or more of these certificates are missing or corrupted, export those certificates from another computer, and then install them on your computer. To export certificates on another computer, follow these steps:
Method 9: Clear the temporary file and restart the hotfix installation or the service pack installation
Note: Skip this method if the operating system is Windows 2000.
To clear the temporary file and restart the hotfix installation or the service pack installation, follow these steps:
Delete all the kb*.cat files in the following folders:
%systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
%systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
At the command prompt, type the following commands. Press ENTER after each command.
net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc
exit
Method 10: Empty the software distribution folder
Method 11: Perform an in-place upgrade
For information about how to perform an in-place upgrade, click the following article number to view the article in the Microsoft Knowledge Base:
315341 How to perform an in-place upgrade (reinstallation) of Windows XP?
More Information:
For more information about a resolution that is intended for Windows 2000 only, click the following article number to view the article in the Microsoft Knowledge Base:
281458 Error message when you install a Windows 2000 service pack or product update
This problem has been reported to occur with the following updates:
328310 MS02-071: Flaw in Windows WM_TIMER message handling can enable privilege elevation
810565 Hyperlinks open in Internet Explorer instead of in default browser or Help and Support Center
327979 Game stops responding (hangs) or quits unexpectedly when introductory video clip is played
322011 You cannot preview a fax in the Fax Console
811630 HTML Help update to limit functionality when it is invoked with the window.showHelp( ) method
810577 MS03-005: Unchecked buffer in Windows redirector may permit privilege elevation
329441 You cannot create a network connection after you restore Windows XP
329170 MS02-070: Flaw in SMB signing may permit Group Policy to be modified
810833 MS03-001: Unchecked buffer in the Locator service might permit code to run
For more information about how to configure automatic updates in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
306525 How to configure and use Automatic Updates in Windows XP?
The information in this article applies to:
Keywords: MS Article ID 822798