Cryptographic Services

Description:
Provides 4 types of services:
  • Catalog Database Service, which confirms the signatures of Windows files (Windows File Protection) and whether drivers are signed correctly (WHQL) and allowing new programs to be installed.
  • Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer
  • Key Service, which helps enroll this computer for certificates
  • (Vista+) Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL
Note that Windows Update and Windows File Protection will not work if this service is not set to Automatic, and will complain when manually installing drivers and updates/servicepacks for Windows with the error:

Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer

Note the database, that contains information of what updates have been applied, can become corrupted and will cause this service to fail. To clear the database execute the following commands (If getting access denied when renaming the directory, then boot in safemode and try again):
  1. net stop cryptsvc
  2. del /q %systemroot%\system32\catroot2\Edb*.log
  3. del /q %systemroot%\security\Edb*.log
  4. net start cryptsvc
Note if this service fails to respond as expected for some reason, then when trying to disable a network connection like Local Area Connection, one will get the following error (Many times a restart will solve the issue):

Error Disabling Connection
It is not possible to disable the connection at this time. This connection may be using one or more protocols that do not support Plug-and-Play, or it may have been initiated by another user or the system account.

Related Fix a non-working Windows Update

More Info MS KB281458
More Info MS KB316524
More Info MS KB813442
More Info MS KB813444
More Info MS KB822798 (Replaces MS KB326815)

Recommended State:
  • Automatic
Default State:
  • Automatic
Process Name:
Supports:
Depends:

Updated: 13 December 2012

Comments:

  1. mkk says:

    Cryptographic Services seems to have the default state Manual with XP-SP2, with Windows Update working well like that. Just an update note.

  2. snakefoot says:

    mkk
    Cryptographic Services seems to have the default state Manual with XP-SP2, with Windows Update working well like that. Just an update note.

    I have now looked at several XP-SP2 installation (Both slipstreamed and upgraded) and all had the service set to Automatic. But I have also seen many places that XP will work fine with the service set to Manual, so I will update my "Trimmed" recommendation.

Leave a Reply

Your email address will not be published. Required fields are marked *