windows update: Cryptographic Operation Failed Due to Local Security Option Setting

  • Thread starter Thread starter andrew
  • Start date Start date
A

andrew

I pinpointed why I can't download anything from Windows Update,
but can't seem to fix it.

In order to download I have to Disable Computer Configuration
in the Local Computer Policy. This is a stand along workstation.

When it's enabled the following is on the General Tab of all
the Digital Certificates:
"Cryptographic Operation Failed Due to Local Security Option Setting".

I ran Gpresult
- I restored defaults with Secedit,
- I imported templates using the Security Configuration and Analysis MMC
Snapin,
- I reinstalled XP
- and read every posting in newsgroups and websites, trying all the
suggestions

BUT NOTHING GETS RID OF THIS.
PLEASE HELP ITS BEEN MONTHS AND IT'S DRIVING ME CRAZY.
 
do you get an error about your time being wrong when you try windows update?

If so try pointing windows update to the secure site rather than the
standard ie https://

I noticed the same problem with some w2k3 servers, they won't run windows
update and when I tried to apply a hotfix it failed and I had an error
concerning the cryptographic services. I've tracked the problem down to a
setting in the default domain policy but I don't know what setting it is as
of yet. I've blocked the default policy from being applied to my DC's and
windows update works fine, remove the block and it breaks.

Kerry
 
No, there's nothing about time, Windows Update says
"Software Installation Incomplete".

But I have a feeling this is a misleading error and the root of
the problem is with security and/or the certificates. Because when
I disable the Local Group Policy Computer Configuration,
the certificates are okay, and I can use windows update.

I turned auditing on, but there were no audit errors and no
errors or warning for Application or System Events either.

I'll try your suggestion anyway and post the result

This is a stand along laptop - not a member of a domain.
It was in a domain at one point, but it's in a workgroup today,
and since disjoining the domain I have been able to use update.

On 1/7/2004 when several MS and Verisign expired.
I removed them, which was a big mistake, then I couldn't do anything.
Since then I reinstalled them and the problems improved, but
have this one lingering issue.


thanks
 
Back
Top