When you try to validate Windows from http://www.microsoft.com/genuine/validate, Windows downloads an update 971033, however when Windows tries to install the update, the update shows an error message that is mentioned above. Additionally, if you try to download the update KB971033 on your machine and run it manually, you may receive following error message:
Installer encountered an error: 0x80092026 The cryptographic operation failed due to a local security option setting.
This error occurs when the 'State' value of below mentioned registry key is incorrectly set. This value corresponds to the Internet Explorer security setting "Check for publisher’s certificate Revocation" and "Check for signatures on downloaded programs"
You can find a key with the name ‘State’. By default the values is set to – ‘23c00’
To resolve this problem, change the registry key to a valid setting, e.g.
State = 0x00023e00 - ‘Check for publisher’s certificate Revocation’ Unchecked State = 0x00023c00 - ‘Check for publisher’s certificate Revocation’ Checked
The wrong value might result from an issue described in following Knowledge Base article: 982606 The value of the "State" registry item is changed after a Group Policy preferences setting is applied in Windows Server 2008, in Windows Vista or in Windows Server 2008 R2
Use one of the methods:
Method 1: Editing the Registry
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
Start Registry Editor (Regedit.exe)
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
On the left side pane look for State key and double click to open it
Change the Value data to 23c00 or 23e00 (Hexadecimal)
Quit Registry Editor.
Method 2: Create a reg file
In Notepad, paste the following information.
Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing"State"=dword:00023c00
Save the file as a .reg file.
Double-click the .reg file that you saved in step 3.
Above registry changes does not requires any reboot. You can try to install the update manually or can go to validate Windows online. You would be able to validate your Windows successfully.
In some cases, you might be required to update the 'State' value for following two registry as well.
Note: Ensure whatever value is updated for HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing, should be exact for above two registry.
Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Business, Windows Vista Enterprise, Windows Vista Ultimate, Windows Vista Service Pack 2, Windows Server 2008 Standard, Windows Server 2008 Standard without Hyper-V, Windows Server 2008 Enterprise, Windows Server 2008 Enterprise without Hyper-V, Windows Server 2008 Datacenter, Windows Server 2008 Datacenter without Hyper-V, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Service Pack 2, Windows 7 Home Basic, Windows 7 Home Premium, Windows 7 Professional, Windows 7 Enterprise, Windows 7 Ultimate, Windows 7 Service Pack 1, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Standard without Hyper-V, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Enterprise without Hyper-V, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Datacenter without Hyper-V, Windows Server 2008 R2 for Itanium-Based Systems, Windows Server 2008 R2 Service Pack 1