Eu revisaria este artigo do MSDN
Ele também contém um hot fix automático .
Detalhes do artigo (e há 11 opções diferentes aqui, desculpe apenas copiar tudo, mas como não tenho idéia do que é relevante para você ou não, eu pensei que ter muito é melhor do que não o suficiente).
Manual methods Method 1: Set Cryptographic Services to automatic Set Cryptographic Services to Automatic, and then try to install the program again. To set Cryptographic Services to Automatic, follow these steps:
Start the Administrative Tools utility in Control Panel. Double-click Services. Right-click Cryptographic Services, and then click Properties. Click Automatic for Startup type, and then click Start.
Note Windows 2000 does not list Cryptographic Services in the SERVICES Administrative Utility. Method 2: Rename the Catroot2 folder Rename the Catroot2 folder (Windows XP and Windows Server 2003 only), and then try to install the program again.
Note Skip this method if the operating system is Windows 2000.
To rename the Catroot2 folder, follow these steps:
Click Start, click Run, type cmd, and then click OK. At the command prompt, type the following commands, and then press ENTER after each line: net stop cryptsvc ren %systemroot%\System32\Catroot2 oldcatroot2 net start cryptsvc exit Remove all tmp*.cat files from the following folder: %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} If no files that start with tmp exist in this folder, do not remove any other files. The .cat files in this folder are necessary
for installing hotfixes and service packs.
Important Do not rename the Catroot folder. The Catroot2 folder is automatically recreated by Windows, but the Catroot folder is not recreated if the Catroot folder is renamed. Method 3: Reregister the DLL files that are associated with Cryptographic Services To register .dll files that are associated with Cryptographic Services, follow these steps:
Click Start, click Run, type cmd in the Open box, and then OK. Note On a Windows Vista-based computer, click Start, type cmd in the Start Search box, right-click cmd.exe, and then click Run as
administrator. At the command prompt, type the following commands, and press ENTER after each command:
regsvr32 /u softpub.dll
regsvr32 /u wintrust.dll
regsvr32 /u initpki.dll
regsvr32 /u dssenh.dll
regsvr32 /u rsaenh.dll
regsvr32 /u gpkcsp.dll
regsvr32 /u sccbase.dll
regsvr32 /u slbcsp.dll
regsvr32 /u mssip32.dll
regsvr32 /u cryptdlg.dll
exit
Note Click OK if you are prompted.Note Microsoft Windows 2000 does not include the Sccbase.dll file. If you are running a version of Windows 2000, omit the Sccbase.dll
file. Restart your computer.
Click Start, click Run, type cmd in the Open box, and then click OK. At the command prompt, type the following commands, and press ENTER after each command: regsvr32 /u softpub.dll
regsvr32 /u wintrust.dll
regsvr32 /u initpki.dll
regsvr32 /u dssenh.dll
regsvr32 /u rsaenh.dll
regsvr32 /u gpkcsp.dll
regsvr32 /u sccbase.dll
regsvr32 /u slbcsp.dll
regsvr32 /u mssip32.dll
regsvr32 /u cryptdlg.dll
exit
Note Click OK if you are prompted.
Note Microsoft Windows 2000 does not include the Sccbase.dll file. If you are running a version of Windows 2000, omit the Sccbase.dll
file.
Restart the computer.Method 4: Remove the hidden attribute from %Windir% and from its subfolders To do this, follow these steps:
Click Start, click Run, type cmd in the Open box, and then OK. Note On a Windows Vista-based computer, click Start, type cmd in the Start Search box, right-click cmd.exe, and then click Run as
administrator.
At the command prompt, type the following commands, pressing ENTER after each line:
attrib -s -h %windir%
attrib -s -h %windir%\system32
attrib -s -h %windir%\system32\catroot2
exitMethod 5: Set non-driver signing policy to silently succeed If you are running a version of Windows 2000, set the Unsigned non-driver installation behavior Group Policy setting to Silently succeed. This Group Policy setting is located under Computer Configuration, under Windows Settings, under Security Settings, under Local Policies, under Security Options in the Group Policy MMC snap-in.
Note The setting of the group policy in Windows 2000 may take effect after a few minutes. This depends on the setting of the Group Policy refresh interval. For more information, see "How to modify the default Group Policy refresh interval".
If you are running Windows XP or a later version of Windows, this Group Policy setting is no longer supported. In this case, follow these steps to resolve this problem:
Click Start, click Run, type regedit, and then click OK. Note On a Windows Vista-based computer, click Start, type regedit in the Start Search box, right-click regedit.exe, and then click Run
as administrator.
Locate, and then click the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing
Right-click the Policy binary value, and then click Modify.
The Value data will appear in the following format:0000 02 Press DELETE to remove the current value (02 in this example), and then type 0 (the current value will now appear as 00). Click OK, and then quit Registry Editor.
Method 6: Rename the Edb.log file Rename the Edb.log file, and then try to install the program again. To rename the Edb.log file, follow these steps:
Click Start, click Run, type cmd in the Open box, and then OK. Note On a Windows Vista-based computer, click Start, type cmd in the Start Search text box, right-click cmd.exe, and then click Run as
administrator.
At the command prompt, type the following command, and then press ENTER:
ren %systemroot%\system32\catroot2\Edb.log *.tstMethod 7: Temporarily turn off Trusted Publishers Lockdown and install the appropriate certificates to your trusted publishers certificate store You can continue to use the Enable trusted publisher lockdown Group Policy setting, but you must first add the appropriate certificates to your Trusted Publishers certificate store. To do this, turn off the Enable trusted publisher lockdown Group Policy setting, install the appropriate certificates in your Trusted Publishers certificate store, and then turn the Enable trusted publisher lockdown Group Policy setting back on. To install the appropriate certificate for Microsoft Windows and Microsoft Internet Explorer product updates, follow these steps:
Download the Microsoft product update that you want to install from the Microsoft Download Center, from the Windows Update Catalog,
or from the Microsoft Update Catalog. For more information about how to download product updates from the Microsoft Download Center, click the following article number to view the article in the Microsoft Knowledge Base: 119591 How to obtain Microsoft support files from Online Services For more information about how to download product updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base: 323166 How to download updates that include drivers and hotfixes from the Windows Update Catalog Extract the product update package to a temporary folder. The command-line command that you use to do this depends on the update that you are trying to install. View the Microsoft Knowledge Base article that is associated with the update to determine the appropriate command-line switches that you will use to extract the package. For example, to extract the 824146 security update for Windows XP to the C:4146 folder, run Windowsxp-kb824146-x86-enu -x:c:4146. To extract the 828750 security update for Windows XP to the C:8750 folder, run q828750.exe /c /t:c:8750. Right-click the KBNumber.cat file from the product update package in the temporary folder you created in step 2, and then click Properties.
Note The KBNumber.cat file may be in a subfolder. For example, the file may be in the C:4146\sp1\update folder or in the
C:4146\sp2\update folder.
On the Digital Signatures tab, click the digital signature and then click Details.
Click View Certificate, and then click Install Certificate.
Click Next to start the Certificate Import Wizard.
Click Place all certificates in the following store, and then click Browse.
Click Trusted Publishers, and then click OK.
Click Next, click Finish, and then click OK.Method 8: Verify the status of all certificates in the certification path and import missing or damaged certificates from another computer To verify certificates in the certificate path for a Windows or Internet Explorer product update, follow these steps: Step 1: Verify Microsoft certificates
In Internet Explorer, click Tools, and then click Internet Options. On the Content tab, click Certificates. On the Trusted Root Certification Authorities tab, double-click Microsoft Root Authority. If this certificate is missing, go on to
step 2.
On the General tab, make sure that the Valid from dates are 1/10/1997 to 12/31/2020.
On the Certification Path tab, verify that This certificate is OK appears under Certificate Status.
Click OK, and then double-click the NO LIABILITY ACCEPTED certificate.
On the General tab, make sure that the Valid from dates are 5/11/1997 to 1/7/2004.
On the Certification Path tab, verify that either This certificate has expired or is not yet valid or This certificate is OK appears under Certificate Status.Note Although this certificate is expired, the certificate will continue to work. The operating system may not work correctly if the
certificate is missing or revoked. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
293781 Trusted root certificates that are required by Windows 2000, by Windows XP, and by Windows Server 2003
Click OK, and then double-click the GTE CyberTrust Root certificate. You may have more than one of these certificates with the same name. Check the certificate that has an expiration date of 2/23/2006.
On the General tab, make sure that the Valid from dates are "2/23/1996 to 2/23/2006."
On the Certification Path tab, verify that This certificate is OK appears under Certificate Status.Note Although this certificate is expired, the certificate will continue to work. The operating system may not work correctly if the
certificate is missing or revoked. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
293781 Trusted root certificates that are required by Windows 2000, by Windows XP, and by Windows Server 2003
Click OK, and then double-click Thawte Timestamping CA.
On the General tab, make sure that the Valid from dates are "12/31/1996 to 12/31/2020."
On the Certification Path tab, verify that This certificate is OK appears under Certificate Status.Step 2: Import missing or damaged certificates If one or more of these certificates are missing or corrupted, export the missing or corrupted certificates to another computer, and then install the certificates on your computer. To export certificates on another computer, follow these steps:
In Internet Explorer, click Tools, and then click Internet Options. On the Content tab, click Certificates. On the Trusted Root Certification Authorities tab, click the certificate that you want to export. Click Export, and then follow the instructions to export the certificate as a DER encoded Binary x.509(.CER) file. After the certificate file has been exported, copy it to the computer where you want to import it. On the computer where you want to import the certificate, double-click the certificate. Click Install certificate, and then click Next. Click Finish, and then click OK.
Method 9: Clear the temporary file and restart the hotfix installation or the service pack installation Note Skip this method if the operating system is Windows 2000.
To clear the temporary file and restart the hotfix installation or the service pack installation, follow these steps:
Click Start, click Run, type cmd, and then click OK. At the command prompt, type the following commands. Press ENTER after each command. net stop cryptsvc ren %systemroot%\System32\Catroot2 oldcatroot2 net start cryptsvc exit Remove all the tmp*.cat files in the following folders: %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} If no files that start with tmp exist in this folder, do not remove any other files. The .cat files in this folder are necessary
for installing hotfixes and service packs.
Important Do not rename the Catroot folder. The Catroot2 folder is automatically recreated by Windows, but the Catroot folder is not
recreated if the Catroot folder is renamed.
Delete all the oem*.* files from the %systemroot%\inf folder.
Restart the failed hotfix installation or service pack installation.Method 10: Empty the software distribution folder
Click Start, click Run, type services.msc, and then click OK. Note On a Windows Vista-based computer, click Start, type services.msc in the Start Search box, right-click services.msc, and
then click Run as administrator.
In the Services (Local) pane, right-click Automatic Updates, and then click Stop.
Minimize the Services (local) window.
Select all the contents of the Windows distribution folder, and then delete them.Note By default, the Windows distribution folder is located in the drive:\Windows\SoftwareDistribution folder. In this location, drive is
a placeholder for the drive where Windows is installed. Make sure that the Windows distribution folder is empty, and then maximize the Services (local) window.
In the Services (Local) pane, right-click Automatic Updates, and then click Start.
Restart the computer, and then run Windows Update again.Method 11: Perform an in-place upgrade For information about how to perform an in-place upgrade, click the following article number to view the article in the Microsoft Knowledge Base: 315341 How to perform an in-place upgrade (reinstallation) of Windows XP