1. Restart Cryptographic Services
- Open Command Prompt (Admin) and run:
net stop cryptsvc
net start cryptsvc
- This ensures that the cryptographic services required for update validation are running.
2. Clear Windows Update Components
- Open Command Prompt (Admin) and execute:
net stop wuauserv
net stop bits
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start bits
- This deletes corrupted cache files and forces Windows to re-download updates.
3. Run System File Checker (SFC) and DISM
- Open Command Prompt (Admin) and run:
sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth
- These tools repair corrupted system files and restore Windows image integrity.
4. Re-register Cryptographic DLLs
- Open Command Prompt (Admin) and run:
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll
- This ensures the cryptographic functions used by Windows Update are properly registered.
5. Temporarily Disable Antivirus/Firewall
- Disable third-party security programs.
- Retry Windows Update.
- Re-enable protection after installation.
6. Perform a Clean Boot
- Press Win + R, type msconfig, and press Enter.
- Go to Services → Hide all Microsoft services → Disable all.
- Restart in Clean Boot mode and retry updates.
7. Manually Install Updates
- Visit the Microsoft Update Catalog.
- Search for the KB number of the failed update.
- Download and install it manually.
8. Use Windows Update Assistant
Download and run the Windows Update Assistant from Microsoft’s official site to bypass cryptographic issues and install updates safely.