If you get Windows Update error 0x80092004 on Windows 7 or Server 2008 R2 do this
Microsoft released updates for all supported versions of Windows -- client and server -- on the August 2019 Patch Day. You can check out our overview of the updates if you have not done so already.
Reports suggest that some administrators and home users face issues with the released updates on machines running Windows 7 or Windows Server 2008 R2.
Attempts to install the updates KB4512506 (monthly rollup update) or KB4512486Â (security-only update) fail with the error 0x80092004. The error associated with the error code, CRYPT_E_NOT_FOUND, suggests that Windows Update rejects the updates because cryptographic values that the update packages contain are not found.
Microsoft changed the signing of update packages for Windows 7 and Windows Server 2008 R2 devices on the August 2019 Patch Day for the first time. The company signs packages only with SHA-2 since August 2019; it signed them with SHA-1 and SHA-2 previously but decided to drop SHA-1 because of known weaknesses.
We published an article in 2018 about the change stating that Windows 7 and Server 2008 R2 systems needed certain patches to continue receiving updates.
It appears that affected Windows systems are looking for SHA-1 in the update package and ignore SHA-2. SHA-1 is not included anymore and that appears to be the reason why error 0x80092004 is thrown on those systems.
Tip: it is always good to research Windows updates before installing updates.
Microsoft revealed that certain Symantec and Norton software installed on Windows 7 or Windows Server 2008 R2 systems does not play nice with the change and Microsoft made the decision to block updates on machines running Symantec and Norton software until the issue is resolved.Â The security solutions may block or delete Windows Updates.
While it is possible that the issue is related, e.g. that other antivirus solutions are causing issues with Windows Updates as well, it is more likely that a required update is missing.
Two updates need to be installed on Windows 7 and Windows Server 2008 R2 systems so that SHA-2 signed updates are installed correctly:
- KB4474419 -- SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: August 13, 2019
- KB4490628 -- Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019
If one of these is not installed, SHA-2 signed updates won't be accepted and the error is thrown instead.
Microsoft confirms that KB4474419 is a prerequisite on the support website. The company lists KB4490628 on the page as well stating that it strongly recommends that it is updated. SSU updates are installed automatically if Windows Updates is used but need to be installed manually if updates are installed manually. It is unclear why Microsoft does not list the SSU as a prerequisite more clearly.
You can verify that these updates are installed by checking the "Installed Updates" listing in the Control Panel or by running third-party software such as Nirsoft's WinUpdatesList.
If at least one of the updates is not installed, install it on the device and run a new check for updates after installation; the August 2019 update should install just fine this time.
Now You: Did you run into any issues installing the August 2019 updates? (via Born)
No problems with Windows 8.1, but as I understand it Microsoft will apply the same criteria to this OS as well with the upcoming September patch releases.
I’m not clear – if I already have KB4490628 installed prior to the August updates – do I need to have KB4474419 already installed as well? (A check of my system shows 4490628 already installed but 4474419 is not.) Or is just 4490628 installed enough to keep from getting the error?
you need BOTH 4474419 and 4490628 updates installed, P Koryn.
One important detail you need to install 4474419 that was release on August 2019.
If your system has 4474419 installed on March my advise is to removed and update it with the August version.Also the system needs to have installed KB3133977 and KB4490628
Note that the KB3133977 update is only applicable to Win7 SP1 systems with Bitlocker AND without the KB3125574 rollup update.
KB3133977 is NOT applicable to Win7 SP1 systems with the KB3125574 convenience rollup update installed (KB3133977 fails to install if KB3125574 is already installed).
Yes, we had problems with this update and had to disable protection of our security suite until restart in order to get this update installed successfully.
E para sistemas com Criptografia McAfee e Agent “Antivirus” McAfee. esta apresentando mesmo erro na instalaÃ§Ã£o AtualizaÃ§Ãµes do Windows KB4512486 – 0x80092004
And for systems with McAfee Encryption and McAfee Agent â€œAntivirusâ€. is experiencing same error while installing Windows Updates KB4512486 – 0x80092004 ?????
Not a problem for us, we disabled and blocked Windows updates a couple years ago, been smooth sailing ever since.
I can’t install the (two) KB4474419!
Copy of the packages, initialization, installation in progress then … “the update could not be installed” (without error code).
No more security updates for me thus, but whatever, their end is still close.
I have both 4474419 and 4490628 installed, and still can’t install KB4512506. I’ve tried Windows Update and the standalone package. I’m getting error code 8024200D from Win Update. I’ve tried the system update readiness tool but that didn’t help either. Tried several reboots, stopped and started services, etc. Driving me nuts.
KB4512506 was failing during download stage at 11% with unknown error (code 80092004).
KB4474419 (SHA-2 code signing support) was present, but KB4490628 (Servicing stack update) was missing for some reasons and not showing as available important update in Windows Update.
After manually downloading KB4490628 as standalone package, installing and rebooting KB4474419 finally installed successfully.
same exactly for me
Yep, exact same problem and solution for me as well.
I installed this month’s security-only updates on my Windows 7 x64 system using WSUS Offline Update. (I usually wait a bit longer for more fallout to emerge, but once again, this month’s RDP vulnerabilities are apparently “wormable” even if RDP isn’t in use or some-such. I have a freshly cloned system drive to fall back on in case my system gets borked, and it only takes me 5 minutes or so to swap it in, so I’m willing to take more chances with updating and fewer chances with security vulnerabilities than, say, Woody Leonhard of AskWoody.)
I’d previously read this article and checked the WSUS Offline Update download log to make sure that the August 2019 version of KB4474419 got downloaded. It did. Both of WSUS Offline Update’s two stages (download/”generate” and install went without a hitch, and WPD (Windows Privacy Dashboard) showed that this month’s security-only updates hadn’t snuck in any unwanted telemetry (unlike last month’s).
However, Belarc Advisor flagged the 2019-08-13 KB4474419 update as missing. Control Panel > Programs and Features > Installed Updates said KB4474419 was in fact installed but didn’t identify its date. An Everything search of my system showed that the latest KB4474419 was dated 2019-08-09, so I downloaded the 2019-08 KB4474419 from the Microsoft Update Catalog. That update was internally dated 2019-08-16, but it wouldn’t install because it identified itself as *already* installed.
I suppose I could manually uninstall KB4474419 in Control Panel and then manually install the new version I just downloaded, but the other two security updates Belarc had previously flagged are no longer missing (meaning that the slightly older version of KBKB4474419 hadn’t prevented them from being installed), so I’m inclined to let sleeping dogs lie for now. I’m not missing any security-only updates proper, and maybe the issue will get sorted out by next month’s Patch Tuesday.
PS: I’m not seeing an option to subscribe to comments to this article.
FWIW, Win 7 64bit Pro.
KB4474419 offered via updates; installed
KB4512486 Security Only update from MS update Catalogue.
Installed fine after an extra restart.
Thanks Martin :)
I am having this problem with KB4512506. I downloaded KB4490628 but can’t install it because Windows says it is not applicable to my computer. Any suggestions?
Terrence, I had to apply both KB4474419 & KB4490628 before I could manually run KB4512506 from Windows catalog. I’m not sure but I think it’s because we’re Symantec customers though.
KB4474419 is already on my computer, but as indicated earlier, Windows won’t let me install KB4490628. Does anyone know how to deal with this?
Maybe you just mixed x86, x64 or embedded version of the patch?
hopefully you solved the issue already.
Thanks so much for posting this article.
I have installed these two updates and now I can install this months Windows uodates to all my servers.
I tried these recommendations but I would still get “windows failed to start” after the update, had to boot with win7 cd and then do a restore to get back to point before the update. Finally found the fix, I installed all of the “optional” updates that were marked “recommended”, after do this I was able to install update KB4512506 without issue.
On an older Dell laptop running Win 7 I got the 80092004 error when applying the Aug monthly rollup update (KB4512506) as described in this article. I found that KB4474419 had been just installed successfully by Windows Update. I downloaded and applied the second that is mentioned, KB4490628. After that the Aug Monthly update installed without problems via Windows Update. Many thanks.
have tried everything in this article to get the lastest 4512506 update and Im stumped. all required files for …506 have been installed and is the only “important update” listed in Windows Update.
downloaded the file MUC to try and install manually with no success…
Windows 7 has been updated in August and the desktop never opened. Can you help?
Happened to me as well, and here is how I was able to fix it:
No guaranty that it will work for you though…
Thanks so much for posting this issue and solution. I have a few virtual machines matching OS production systems. I noticed this error on my Server 2008R2 VM. I usually try and wait till following month to proceed with production updates and presto I found the answer here.
yeah. my mums computer generally works ok. she doesn’t want it to break. so I might send MS a msg shared by many, many, many other users globally – b0110x to the updates.
Thanks for the concise and easy to understand report…installed KB4490628….and patch was installed without the errror….thanks again….
It is fixed now. Checked right now on clean installation of 2008R2. If you make a clean install, KB 4512506 is not offered in updates list before pre-requisites are installed. If you install updates manually, you still need to install KB4490628 at first.
Thank you so much for this helpful information. After installing KB4490628 the patch installed without a hitch.
Dude, seriously thanks for this info. It worked like a charm and already solved it, I was trying to solve the error 80092004 the whole day, trying different ways and thinking in format my computer because couldnt see what was failing and I thought I screwed up my computer after doing a downgrade.
What happened is that didnt have KB4490628 but after installing it the error dissapeared.
Very helpful – thanks a lot!
Dude, you saved my life from my OCD. I literally lost sleep because of this damn error.
This error has wasted at least 2 days trying all sorts of cleanup of windows update related directory. I was just missing the KB4490628 update. Once that was installed, my Windows 7 box is now back to taking updates.
Can’t thank you enough.
Thanks so much. Wish I had found this sooner. Once installing the SSU I was finally able to run the september updates.
Thanks a lot!
Me sirvio, muchisimas gracias.
Thanks, we’ve been trying to update a server running 2008 R2 SP1 for weeks now and this article explained exactly why it failed. Now it’s patched, thanks to you!
KB4474419 is marked in wsus as superseded, so, I’ve declined this and that cause problem (I has one month updates pending because of hardware failure).
How possibly they can make this one superseded if after this one is missing everything else fail ?
How possibly this can be superseded if there is no update superseding this one ?
Installed KB4474419 and KB4490628 first and then all went fine with KB4512506 and KB4512486
Windows update error code 80092004, how to resoled.
Haven’t fully fixed my overall update problem on my old laptop that I don’t use much anymore, but doing this allowed the August 2019 KB4512486 to successfully download on my computer. First one that has in eons, so I’m thrilled I was able to get something recent in before Windows 7 support expires. Gonna try a few more times to see if anything else does, didn’t have luck with any other manual download when I tried a month ago.
Searched the whole internet to fix this error. Your solution was quick and painless, explained as it should.
Thank you!!! <3
Thank you Martin – just wish someone at Ms had realized what a mess they create and told us about it!
Thanks! Helped me a lot!
Nice one… thanks. Worked a charm on a Windows 7 Starter machine that’s getting its last updates before going off-grid.
You just saved my life. Thank you so much!
Looks like both WSUS and the Microsoft Update Servers do not properly deploy KB4490628.
I manually installed that from Windows Catalog and the remainder of the updates now work.
Thanks for this article. Installing KB4474419 manually broke the logjam that was preventing windows update on my laptop for months (since Sept 2019). Without this article, I wouldn’t have had any idea that I should try that.
Thanks for this article. This fixed my Win7 update problem.
Thanks for this! My 2K8 R2 machine only needed KB4490628 (it said the other one wasn’t needed). After that, KB4534310 and KB4535102 (Security rollups) installed.
You, sir, are a scholar and a gentleman.
Had been banging my head against the Windows Update brick wall for 2 days trying to get this Windows 7 laptop up to speed so hopefully the Windows 10 upgrade will finally work.
KB4516065 and KB4535102 were stubbornly refusing to install. Thanks to your article, I manually installed KB4480628 (KB4474419 was already installed).
Et voila… Windows Update success!
You are wonderful! This problem has been annoying me for months, you helped me fix it. Thanks a lot.
Worked for me thanks. I didn’t have KB4490628 and was never offered it through windows update. After manual install the other updates worked.
thank you so excellent
Servicing stack update was my problem.
Worked for me.
Worked like a charm. Micro$oft Technet and online help were no help whatsoever in tracking down this error code on a client’s Windows 7 Pro machine.
KB4490628 fixed the problem immediately; the other was already installed on the PC.
So far, all pending and subsequent updates have been successful, where they simply failed before. Also, MSP version of ESET AntiVirus would not install before this; now there’s joy.
Kinda silly, however, that MS seems to have relegated download priority for W7 updates to a back burner. I even tried downloading a couple of the KBs mentioned in Windows Update from the MS Update Catalog. Some of those downloaded would not install, and some were not even in the catalog. Double checked the KB numbers and everything. Ran those again from Windows update and bingo!
Brilliant. Thanks very much for your note here. I needed the servicing stack 4490628 to make it work, as the other KB was already installed, but Windows Update was too stupid to figure out how to get past this.
Reading all the posts. Good information. I wish I could get kb4474419 to load. I have everything loaded that you have talked about. I’m able to load the update and I restart as I should. It goes through the first 30% and shuts down. When booting up it comes to “Please wait” and then reboots. I have tried all the tricks on the internet. It always shows error code 80070643 every time. There are other updates that come up this way. Ideas?
This is gold – solved my problems with windows update on Windows 7.
Just needed to manually apply KB4490628 and then my problems disappeared.
Thank you !
obrigado!!! resolveu meu problema estou feliz agora!
Ä± downloaded update file manually. when I try to install, the update said that this update already installed.
Great job! This solved it after having tried a dozen other suggestions!
Windows had already installed KB4474419 but not KB4490628. I had even reinstalled Windows from scratch and hit the same problem so was near giving up.
Salih: I had the same thing happen, so I downloaded the 2nd file because the ‘fix’ said that it needs both to work. sure enough the 2nd file was not installed, so after install, at least one of the updates.Trying the 2nd.
Downloaded this, windows6.1-kb4490628. Installed it , restart pc, ran update again and my last 3 updates that was giving this error updated accordingly. Problem solved. Thank you very much.
Thanks Martin for this post – it resolved long-standing update issues not resolved by other steps I had taken. In my case KB4490628 had previously failed, and re-installing worked, then a couple other updates succeeded. KB4474419 installed in June and again in November, perhaps the second one had the needed code, although both showed Revision Number 200 in Nirsoft’s Windows Updates History Viewer, which was also very helpful.
Reconfiguring a Win7 machine. Your suggestions worked perfectly.
thank you very much. I followed the guide on my x64 win7 machine,
and finaly I could install the remaining updates.
very cool. thank you.
With installing the 2 updated you mentioned, the problem is solved now.
Thanks for your help!
thank you for the info. it solved my problem of error code 80092004.
Great solution – It solve my error code 80092004. Thank you very much indeed