I have a laptop that has XP service Pack 1 and when i go to microsoft automatic updates it says that "Your Internet settings may be preventing ActiveX controls from running, therefore this page cannot be displayed".

I have reset all ActiveX controls to default and made sure ActiveX controls are enabled and even set security to low but still get this error.

I tried to download security updates manually but they fail and give an error about the "cryptography" service not started - but it is running in services, i checked!

I tried installing SP2 from CD but this also fails:sad:

When i try to perform a scan with MSBSA 2.0 (Microsoft Baseline security Analyzer) I get the following:

at first
Downloading security update information from Microsoft

then after a while the following message appears briefly
Failed to download security update databases.

followed by
Unable to scan all computers
The catalog file is damaged or an invalid catalog.:?:

Please help i only want to update before SP1 stops being supported in September:sad:

I am using IE version 6

11 Years
Discussion Span
Last Post by Duki

Have ya tried using Firefox ;) (in other words, the browser of champions)

Yes, but you can't use firefox for automatic updates, i have used to download the updates manually and get the same error as when i have downloaded with IE6 which is as follows:

I tried to download security updates manually but they fail and give an error about the "cryptography" service not started - but it is running in services, i checked!


Checking and fixing Cryptographic Services

Serdar Yegulalp
Rating: -4.36- (out of 5)
Microsoft's Cryptography Service is one of the more invisible and less widely-discussed services in Windows 2000 and XP. It is also one of the more important, as it provides a broad variety of services to Windows: encoding and decoding files stored in encrypted folders, for instance, or affirming that digital signatures are in fact valid.
The latter is actually one of the most important "silent" functions in Windows, since digital signatures are used to sign device drivers, applications and other Windows executables. A system patched with Windows XP Service Pack 2, for instance, is designed to warn the user if the system tries to run application without an appropriate signature. This could be an ActiveX control, an installer for a device driver or application, a Windows Update download or an encryption certificate.
If the Cryptography service is disabled, either manually or through a Group Policy operation, or its support files are damaged, a great variety of things can go wrong. Application installs may fail with a warning that the integrity of a file could not be verified or that it has not passed Windows Logo testing, that a digital signature could not be found, or that a package was not signed properly.

  1. If the problem is that new certificates cannot be added, the Trusted Publishers Lockdown policy may be in effect. This forces the system only to use existing trusted certificates and will prevent new ones from being added. Turn off this policy first for the machine(s) in question, add the certificates, and then turn the policy back on.
  2. Look in the Administrative Tools utility in Control Panel, then Services. Make sure the Cryptography Service is running. If it isn't, set its Startup Type to Automatic and then start it manually. If for some reason the Cryptography Service fails to start, then supporting files may be damaged.
  3. Try renaming the EDB.LOG file, which is found in %systemroot%system32catroot . A damaged .LOG file (which is generated automatically) may prevent the Cryptography Service from starting correctly.
  4. Also try renaming the directory %systemroot%system32Catroot2, which is the automatically-created root catalog directory for the certificate store. If this is also damaged, it will be regenerated automatically. (You will need to stop the Cryptography Service before you do this and restart it afterwards.)
  5. Re-register the DLLs associated with cryptography. This can be done from the command line by typing: regsvr32 softpub.dll
    regsvr32 /u wintrust.dll
    regsvr32 /u initpki.dll
    regsvr32 /u dssenh.dll
    regsvr32 /u rsaenh.dll
    regsvr32 /u gpkcsp.dll
    regsvr32 /u sccbase.dll
    (not found in Windows 2000)
    regsvr32 /u slbcsp.dll
    regsvr32 /u cryptdlg.dll
    regsvr32 /u licdll.dll
    regsvr32 /u regwizc.dll
    regsvr32 /u softpub.dll

    and then the same sequence of commands without the /u switch. Reboot afterwards to make sure the changes take effect.
  6. If Windows Updates are failing, make sure the certificates for IE are working correctly. In IE, look in Tools | Internet Options | Content | Certificates | Trusted Root Certification Authorities, and make sure the Microsoft Root Authority certificate is present. If it's missing, go to another computer, export the Microsoft Root Authority certificate as a DER encoded Binary x.509(.CER) file, copy it to the other computer and import it.

Source: http://searchwinit.techtarget.com/tip/0,289483,sid1_gci994336,00.html

Not sure if this is what you're looking for... let me know.


Spot on just what i'm looking for:cheesy:. Thanks Duki!

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.