When trying to download ActiveX controls, install updates of Windows or Windows components, install Service Pack of Windows or Windows components, or install Microsoft or third-party software programs, you may encounter one or more of the following symptoms:? When you try to install programs or updates, you may receive the following error message:
No digital signature found.
Microsoft digital signature confirms that the software has been tested by Windows and the software has not been modified after the test.
The software you are about to install does not contain a Microsoft digital signature. Therefore, there is no guarantee that the software can work normally on Windows.
The name of the package
If you want to search for Microsoft digital signature software, please visit the Windows Update website to see if there is any software available.
Do you want to continue the installation?
If you click Details, you will receive the following message:
Microsoft Windows software
The signature on the package you want to install is invalid. The package is not signed correctly.
After clicking OK in the first error message dialog box, you may receive a message indicating that the installation was successful, or you may receive the following error message:
Update the name of the package
The encryption operation failed due to the local security option setting.
When you try to install an update or service pack, you may receive an error message similar to one of the following:? Update the name of the package
Setup cannot verify the integrity of the file Update.inf Please ensure that the encryption service is running on this computer.
Unable to install directory file.
The software you are installing has not passed the Windows logo test, and its compatibility with Windows XP cannot be verified. Tell me why this test is important. )
This software will not be installed. Please contact the system administrator.
The software you are installing has failed the Windows logo test, and its compatibility with this version of Windows cannot be verified. Tell me why this test is important. )
When you try to install Windows XP Service Pack, you may receive an error message similar to the following:
Service Pack 1 Setup cannot verify the integrity of the file. Please ensure that the encryption service is running on this computer.
When you try to install Microsoft Data Access Component (MDAC) 2.8, you may receive an error message similar to the following:
INF installation failed. Reason: The timestamp signature and/or certificate cannot be verified or is corrupted.
% windir% \ system32 \ catroot2 \ edb.log may increase to 20 MB, although this file is usually less than 1 MB.
When you try to install a software package from the Windows Update website or the Microsoft Update website, you may receive a message similar to the following:
The software failed the Windows logo test and will not be installed.
When checking the %systemroot%\Windowsupdate.log file, you may see one of the following errors: 0x8009600 1
0x80096005
0x800960 10
0x800B000 1
0x800B0003
0x800B0004
0x800B0 109
0x8007f0da
When using Microsoft Windows Update on a Windows XP-based computer, the update process may fail and you may receive an "0x8007f007" error message. This problem may occur regardless of the type of update you choose.
cause
This problem may occur if one or more of the following conditions exist:? The log file or database in the %Systemroot%\System32\Catroot2 folder is corrupted.
The encryption service is set to be disabled.
Other Windows files are damaged or missing.
The timestamp signature or certificate cannot be verified or contains malicious code.
Hidden properties are set for the %Windir% folder or one of its subfolders.
The group Policy setting of "Unsigned Non-Driver Installation Operation" (Windows 2000 only) is set to "Do not install" or "Allow warning installation", or the binary value of "policy" in the following registry key is not set to 0:
HKEY _ local _ Machine \ Software \ Microsoft \ Non-driver signature
The Enable Trusted Publisher Lockout group policy setting is enabled, and you do not have the appropriate certificate in the trusted publisher certificate store. This group policy setting is located under User Configuration, Windows Settings, Internet Explorer Maintenance, Security and Authentication Code Settings in the MMC snap-in.
You are installing Internet Explorer 6 SP 1, but you have already installed the 823559 (MS03-023) security update. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
828031(/KB/828031) When trying to install Internet Explorer 6 SP 1, the error message "The software you are installing failed the Windows logo test ..." appears.
This problem occurs because there is a problem with the damaged software distribution folder.
solution
To solve this problem, please use the following methods. After performing the steps in each method, you should test to see if the problem is solved, and then go to the next method. If you solve the problem in one way, you don't have to use the rest.
Method 1: Rename the Edb.log file.
To solve this problem, rename the Edb.log file, and then try to install this program again. To rename the Edb.log file, please follow these steps: 1. Click Start, click Run, type cmd in the open box, and then click OK.
2. At the command prompt, type the following command and press Enter:
ren % systemroot % \ system32 \ catroot 2 \ EDB . log *。 transition state theory
Method 2: Set the encryption service to automatic.
Please set the encryption service to automatic, and then try to install this program again. To set the encryption service to automatic, please follow these steps: 1. Start the administrative tools utility in the control panel.
2. Double-click "Services".
Right-click the cryptographic service, and then click Properties.
4. For the startup type, click Automatic, and then click Start.
Note: Windows 2000 does not list encryption services in the service management utility.
Method 3: Rename the Catroot2 folder
Rename the Catroot2 folder (Windows XP and Windows Server 2003 only), and then try to install this program again.
Note: If the operating system is Windows 2000, please skip this method.
To rename the Catroot2 folder, please follow these steps: 1. Delete all tmp*. Cat files in the following folder:
% systemroot % \ system32 \ CatRoot \ { 127 d0a 1D-4e F2- 1D 1-8608-00 c 04 fc 295 ee } % systemroot % \ system32 \ CatRoot \ { f 750 E6 c 3-38EE- 1D 1-85e 5-00 c 04 fc 2958
2. Click Start, click Run, type cmd, and then click OK.
3. At the command prompt, type the following command line and press Enter after each line:
Network stop password
Ren% systemroot% \ system32 \ catroot 2 Old catroot2
Network startup password
export
Important: Do not rename the Catroot folder. The Catroot2 folder is automatically recreated by Windows, but the Catroot folder will not be recreated after renaming.
Back to the top
Method 4: Re-register the DLL file associated with the encryption service.
Register. Please follow the following steps: 1. Click Start, click Run, type cmd in the open box, and then click OK.
2. At the command prompt, type the following command and press Enter after typing each line:
regsvr 32/u softpub.dll
regsvr 32/u wintrust.dll
regsvr 32/u initpki.dll
regsvr 32/u dssenh.dll
regsvr 32/u rsaenh.dll
regsvr 32/u gpkcsp.dll
regsvr 32/u sccbase.dll
regsvr 32/u slbcsp.dll
regsvr 32/u mssip32.dll
regsvr 32/u cryptdlg.dll
export
Note: When prompted, click OK.
Note: Microsoft Windows 2000 does not contain Sccbase.dll files. If you are running Windows 2000 version, please ignore this Sccbase.dll file.
3. Restart the computer.
4. Click Start, click Run, type cmd in the open box, and then click OK.
5. At the command prompt, type the following command and press Enter after typing each line:
Registrar of softpub.dll 32
Registrar of wintrust.dll 32
Registrar of initpki.dll 32
Registrar of dssenh.dll 32
Registrar of rsaenh.dll 32
Registrar of gpkcsp.dll 32
Registrar of sccbase.dll 32
Registrar of slbcsp.dll 32
Registrar of mssip32.dll 32
Registrar of cryptdlg.dll 32
export
Note: When prompted, click OK.
Note: Microsoft Windows 2000 does not contain Sccbase.dll files. If you are running Windows 2000 version, please ignore this Sccbase.dll file.
Method 5: Delete the hidden properties of %Windir% and its subfolders.
1. Click Start, click Run, type cmd in the open box, and then click OK.
2. Type the following command at the command prompt, and press Enter after typing each line:
Attribute -s -h %windir%
attrib -s -h %windir%\system32
attrib-s-h % windir % \ system32 \ catroot 2
export
Method 6: Set the non-driver signature policy as the default policy to continue.
If you are running Windows 2000 version, please configure the group policy setting "Unsigned non-driver installation operation" to "Continue by default". This group policy setting is located in the group policy MMC snap-in under Computer Configuration, Windows Settings, Security Settings, Local Policies and Security Options. If you are running Windows XP or later, this group policy setting will no longer be supported. In this case, please follow the following steps to solve this problem: 1. Click Start, click Run, type regedit, and then click OK.
2. Locate and click the following key in the registry:
HKEY _ local _ Machine \ Software \ Microsoft \ Non-driver signature
3. Right-click the binary value of the policy and click Modify.
4. These digital data will be displayed in the following format:
0000 02
Press Delete to delete the current value (02 in this example), and then type 0 (the current value will now be displayed as 00).
Click OK, and then exit Registry Editor.
Method 7: Temporarily turn off the trusted publisher lock, and then install the appropriate certificate in the trusted publisher certificate store.
You can continue to use the Enable Trusted Publisher Lockout group policy setting, but you must first add the appropriate certificate to the trusted publisher certificate store. To do this, turn off the Enable Trusted Publisher Lockout group policy setting, install the appropriate certificate in the trusted publisher certificate store, and then turn on the Enable Trusted Publisher Lockout group policy setting again. To install the appropriate certificates for Microsoft Windows and Microsoft Internet Explorer product updates, follow these steps: 1. Download the Microsoft product updates to be installed from the Microsoft download center, the Windows Update directory or the Microsoft Update directory. For more information about how to download product updates from the Microsoft Download Center, click the following article number to view the article in the Microsoft Knowledge Base:
119591(/kb/119591/) How can I get Microsoft support files from online services?
For more information about how to download product updates from the Windows Update catalog or the Microsoft Update catalog, click the following article number to view the article in the Microsoft Knowledge Base:
323166 (/KB/323166/) How to download updates and drivers from the Windows Update directory?
2. Unzip the product update package into a temporary folder. The command line command used for this operation depends on the update you want to install. Please check the Microsoft Knowledge Base article related to this update to determine the appropriate command line switch to extract the package. For example, to extract the 824 146 security update of Windows XP into the folder C:\824 146, please run Windows XP-KB 824146-x86-CHS-X: c: \ 824146. To extract the 828750 security update of Windows XP into the C:\828750 folder, please run q828750.exe/C/T: C: \ 828750.
3. In the temporary folder created in step 2, right-click the KBNumber.cat file in the product update package, and then click Properties.
Note: The KBNumber.cat file may be located in a subfolder. For example, the file may be located in the folder c: \ 824146 \ sp1\ update or in the folder C:\824 146\sp2\update.
4. On the Digital Signature tab, click the digital signature, and then click Details.
5. Click View Certificate, and then click Install Certificate.
6. Click Next to start the certificate import wizard.
7. Click to put all certificates in the following store, and then click Browse.
8. Click Trusted Publishers, and then click OK.
9. Click Next, click Finish, and then click OK.
Method 8: Verify the status of all certificates in the certificate path and import the lost or damaged certificates from another computer.
To verify the certificate in the certificate path of a Windows or Internet Explorer product update, follow these steps:
Step 1: Verify the Microsoft certificate.
1. In Internet Explorer, click Tools, and then click Internet Options.
2. On the Content tab, click Certificate.
3. On the Trusted Root Certification Authorities tab, double-click Microsoft Root Certification Authorities. If the certificate does not exist, go to step 2.
4. On the General tab, ensure that the effective period start date is1101997 to 12/3 1/2020.
5. On the Certificate Path tab, under Certificate Status, verify that there is no problem with the certificate.
6. Click OK, and then double-click Do not accept the certificate of responsibility.
7. On the General tab, ensure that the effective period start date is 5/111997 to 1/7/2004.
8. On the Certificate Path tab, verify that "This certificate has expired or is not yet effective" or "This certificate is OK" is displayed under Certificate Status.
Note: Although this certificate has expired, it can still be used. If the certificate is lost or revoked, the operating system may not work properly. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Windows Server 2003, Windows XP and Windows 2000 require a trusted root certificate of 293781(/KB/293781/).
Click OK, and then double-click the GTE network trust root certificate. You may have more than one such certificate with the same name. Check whether the certificate is valid on February 23, 2006.
10. On the General tab, make sure that the effective period start date is from 2/23/ 1996 to 2/23/2006.
1 1. On the Certificate Path tab, under Certificate Status, verify that the certificate is ok.
Note: Although this certificate has expired, it can still be used. If the certificate is lost or revoked, the operating system may not work properly. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Windows Server 2003, Windows XP and Windows 2000 require a trusted root certificate of 293781(/KB/293781/).
12. Click OK, and then double-click the Thawte timestamp CA.
13. On the General tab, ensure that the effective period start date is12/311996 to 12/3 1/2020.
14. On the Certificate Path tab, under Certificate Status, verify that the certificate is ok.
Step 2: Import the lost or damaged certificate
If one or more of these certificates are lost or damaged, please export the lost or damaged certificates to another computer, and then install them on your computer. To export a certificate to another computer, please follow these steps: 1. In Internet Explorer, click Tools, and then click Internet Options.
2. On the Content tab, click Certificate.
3. On the Trusted Root Certification Authorities tab, click the certificate you want to export.
4. Click Export, and then follow the instructions to export the certificate as "DER encoded binary x.509 (. CER) "file.
5. After exporting the certificate file, copy it to the computer to be imported.
6. On the computer where you want to import the certificate, double-click the certificate.
7. Click Install Certificate, and then click Next.
Click Finish, and then click OK.
Method 9: Clear the temporary files and restart the patch installation or service pack installation.
To clear temporary files and restart patch installation or Service Pack installation, please follow the following steps: 1. Remove all tmp*. Cat files in the following folder:
% systemroot % \ system32 \ CatRoot \ { 127 d0a 1D-4ef 2- 1D 1-8608-00 c 04 fc 295 ee }
% systemroot % \ system32 \ CatRoot \ { f 750 E6 c 3-38EE- 1 1d 1-85e 5-00 c 04 fc 295 ee }
2. Type the following at the command prompt, and then press Enter:
Net stop cryptsvc Renames% systemroot% \ system32 \ catroot2% systemroot% \ system32 \ oldcatroot2net Start Cryptsvc.
3. Restart the failed patch installation or Service Pack installation.
Method 10: Clear all files in the software distribution folder. To do this, please follow the following steps:
1. Click Start, click Run, type services.msc, and then click OK.
2. In the Services (Local) pane, right-click Automatic Update, and then click Stop.
3. Minimize the service (local) window.
4. Select all the contents in the Windows distribution folder, and then delete them.
Note: By default, the Windows distribution folder is located in the drive: \ Windows \ Software distribution folder. Where drive is a placeholder for the drive where Windows is installed.
5. Make sure that the Windows distribution folder is empty, and then maximize the service (local) window.
6. In the Services (Local) pane, right-click Automatic Updates, and then click Start.
7. Restart the computer, and then run Windows Update again.