Windows Updates KB4512506/KB4512486 drops error 0x80092004

Windows Update[German]A brief information for users who install the August 2019 security updates KB4512506 or KB4512486 for Windows 7 SP1 and Windows Server 2008 R2 in an installation error 0x80092004. It is highly likely that updates to retrofit SHA-2 support will then be missing.


Users report error 0x80092004

It didn’t take long after the release of the security updates KB4512506 (Monthly Rollup) or KB4512486 (Security Only) for Windows 7 SP1 and Windows Server 2008 R2 until the first users reported issues within my German blog. German blog reader Heidemann wrote in this comment:

The attempt to install the update to W2K8R2 fails here with Installation Failure: Windows failed to install the following update with error 0x80092004: Security Update for Windows (KB4512486).

No Symantec or Norton (but McAfee) on the systems.

And a short time later M. Gruber posted this comment with the same tenor, but to another German blog post.

I repeatedly fail to install KB4512506 (Monthly Security Quality Rollup) with code 80092004 under a naked Win7 x64 without AV software.
Am I the only one or is there a workaround?

The user then pointed out similar feedback from users in the English DSL forum.

I can’t install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004. Multiple restarts and retries result in same error. Anyone else seeing this?

I found also a japanese post mentions this error code without giving further hints.

The error has already occurred with .NET

I mentioned the error code 0x80092004 in some blog posts (see links at the end of the article) and Microsoft also published a KB article about the error. However, this KB article refers to a bug in the .NET framework that prevents updates from being installed. However, I don’t consider this to be a valid cause, as these are currently Windows updates.


What does error code 0x80092004 stands for?

Before you start any wild experiments, it’s good to know what the cause of the error is. The error code 0x80092004 stands for CRYPT_E_NOT_FOUND. Windows Update could not find any cryptographic value and rejects the update.

There was something SHA-2 signing?

I had it mentioned in the blog post Symantec/Norton blocks Windows Updates (SHA-2). Microsoft changed the signing of update packages for Windows 7 SP1 and Windows Server 2008/R2 for the first time in August 2019. Instead of signing the packages with both SHA-1 and SHA-2, only a SHA-2 hash value is stored in the package. The above error code indicates that Windows Update is looking for the SHA-1 signature in the package and does not find it.

What should be checked

One possibility is that an external virus scanner recognizes and modifies the update packets incorrectly. The blog post Symantec/Norton blocks Windows Updates (SHA-2) mentions that Symantec and Norton security solutions cause trouble. In this scenario, however, Microsoft blocks the delivery of security updates.

Weighting the above information, there is a lot of evidence that the support for the new updates and Windows signed exclusively by SHA-2 is simply missing. As of March 12, 2019, Microsoft had extended support article 4472027 (2019 SHA-2 Code Signing Support requirement for Windows and WSUS) to include the SHA-2 updates required for Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, and Windows Server 2008 Service Pack 2.

  • Update KB4474419 (SHA-2 code signing support update for Windows Server 2008 R2 and Windows 7: March 12, 2019) adds support for SHA-2 signature checks for the above operating systems.
  • In addition, the Servicing Stack Update KB4490628 was published in March 2019. This fixes a problem in the Servicing Stack, which occurs as soon as packages are signed with SHA-2 only.

I had mentioned within my blog post Windows 7: Updates for SHA-2 support, that it’s required both updates are installed. Within my German comment here I had recommended checking to see if the relevant updates were available. In fact, blog reader M. Gruber reported here that the SSU KB4490628 was missing on his machine. After installing the Servicing Stack Update (SSUs) from March 2019, the August 2019 security update for Windows 7 SP1 and Windows Server 2008 R2 was successfully installed. And I got a 2nd feedback, that this was the root cause for the update install error. Perhaps it will help one or the other affected person.

Similar articles
Fix for .Net Framework Update KB4340558 error 0x80092004
.Net Framework: Update KB4340558 drops error 0x80092004?
Patchday: Updates for Windows 7/8.1/Server (August 13, 2019)
Symantec/Norton blocks Windows Updates (SHA-2)
Windows 7: Updates for SHA-2 support

Cookies helps to fund this blog: Cookie settings

This entry was posted in issue, Update, Windows and tagged , , , , , . Bookmark the permalink.

63 Responses to Windows Updates KB4512506/KB4512486 drops error 0x80092004

  1. Alex says:

    its worked! thx!

    • Confused says:

      What? What worked. What did you do?

      • Stephen says:

        I’ve seen this error #0x80092004 with many of my Windows 7 x64 workstations in August and September, the latest when attempting to install KB4516065, the 2019-09 Security Monthly Quality Rollup.

        After reading this information, I did some recon on these workstations. They all have KB4474419, but they were all missing KB4490628. Just now, I manually added KB4490628 to two workstations, then attempted a manual install of KB4516065. Both installed successfully now and are working without issue.

        Check your computer for both KB4474419 and KB4490628. Manually install whatever is missing.

        • georg says:

          Yes!!! it works!!!!!!
          KB4490628 was missing on my comp. I manualy installed it and now all other updates were finished.

  2. anon says:

    Confirmed, manually installing KB4474419 allowed me to then manually install KB4512506 on 2008r2. Working 911 for a top 10 city so thank you for this. Fix this crap microsoft.

    • EP says:

      no anon. you should have installed both 4474419 and 4490628 updates when they were first released back in early March 2019 to allow installing more recent W7 updates

      not completely microsoft’s fault when a Win7 user like you forgot to install both of those updates.

      • E. R. says:

        Or it could be another error!

        First off, thanks for the heads up about both updates. This worked for me!

        Secondly, I did not have KB4490628 installed, this did the trick.
        After a short search WSUS was to blame. This update was reported installed, but really was not. After installation, the rest worked fine again.

      • JG says:

        I had the same issue–ALL Windows updates are allowed at all times–these did not get installed and just NOW were causing issues. I installed them both and now updates have resumed–looks like I’ve missed a few!

  3. Forest says:

    After intalling SSU KB4490628, KB4512506 got installed successfully on my X64 Windows7 SP1.

  4. Advertising

  5. Tim says:

    Thanks for the timely post. I had the same issue on a Windows Server 2008 R2 box with no antivirus, and KB4490628 was the missing piece.

    • Joe says:

      Same here. On Server 2008 R2, 4474419 was already installed, added 4490628 and then 4512506 installed fine. Thanks Born for this very current and timely blog!

    • Tyler W. Cox says:

      Same exact issue on two separate 2008 R2 servers. After the KB4490628 install, all was well.

  6. Pingback: If you get Windows Update error 0x80092004 on Windows 7 or Server 2008 R2 do this - gHacks Tech News

  7. Peter Strempel says:

    Thank you guenni.

    Australian Windows x64 SP1 user, error 80092004 on trying to install KB4512506, fixed by first installing KB4490628, then KB4512506. Worked like a charm.

    (Downloaded both manually from online catalogue because local WSUS just timed out on KB4512506 after first failure).

  8. William says:

    thank you very much. The SSU did help.

  9. Thomas says:

    I was missing KB4490628. Updates working after I manually installed it.

    Thank you.

  10. Bob says:

    Like other people, KB4490628 was not installed. After installing it, the August security update installed properly. Many thanks to guenni and everyone here!

  11. John Gilliam says:

    Installing SSU KB4490628, then running the update worked. Many thanks for digging into this mess for us!

  12. Pingback: Microsoft Warns of Possible August Update Troubles for Some Windows 7 and Windows Server 2008 Users — | Learn With Ashik

  13. Stefan says:

    Dutch Windows 7 SP1 failed to install KB4512506, error code 80092004.
    KB4474419 was already installed, after manually installing KB4490628 also the installation of KB4512506 was successful.

  14. Phil G says:

    Microsoft is slacking off.

  15. Sam says:

    My computer running Windows 7 Pro says these updates 4490628 & 4474419 are already installed. PC keeps going into a loop. Costing me 2 days so far. Fun!

  16. Miguel says:

    To solved the problem:

    Frist install this KB

    Second install this KB

    You can read the problem and the solution in:

    In my case (Windows Server 2008 R2 Sp1) the problem is solved.

  17. Patrick says:

    Thank you for this post. It helped me solve a Windows Update issue on one of the old Windows 7 machines in our fleet. Your work is appreciated.

    I was getting error 0x80092004. I already had KB4474419 and installed KB4490628. After the installation of the SSU I attempted to install KB4512506 again and was successful. Thanks again.

    It seems like Microsoft is “encouraging” users to move on from the older versions of Windows.

  18. jojo says:

    I tried these recommendations but I would still get “windows failed to start” after the update, had to boot with win7 cd and then do a restore to get back to point before the update. Finally found the fix, I installed all of the “optional” updates that were marked “recommended”, after doing this I was able to install update KB4512506 without issue.

  19. LinuxFTW says:

    5 months left and this crap Win7 is still having issues. Confirmed install KB4490628 before installing KB4512506!!!

  20. Gregory Shearer says:

    You are awesome! Thank you for doing the research. It worked perfectly.

  21. Amirali says:

    Thank you for the post, This really helped me.

    I installed the KB4490628 & 4474419 and it worked.

  22. kaedinger says:

    Confirmed install KB4490628 before installing KB4512506. Thanks a lot.

  23. EP says:

    the install error 0x80092004 won’t occur if Win7 users installed both the 4490628 and 4474419 updates which were first offered way back in March 2019, before installing the most recent Win7 security updates.

    guess some W7 users forgot the memo

  24. Miguel says:

    Thank you for the post!!

    Same error in Windows server 2008 R2 64x. I installed the two KBs:
    – First 4474419 and restart
    – Second 4490628 don´t restart
    – Third KB4512486 and restart

    All perfect. Again thank you!

  25. anon says:

    Thanks for this post. saved me a lot of time today

  26. BG says:

    Windows7 Pro and I was never offered the update 4490628 either. Personal attack by GBorn? I have now wasted hours on MS incompetence. Lets blame the victims? Tired of this typical nonsense with MS. Will now have to disable AVAST modules, clear the cache, and manually download this and pray it works. Thanks Microsoft!

  27. Brett Anderson says:

    Thank you so much!!, this worked perfectly!

  28. Yaron says:

    I can report that on my Windows 7 the KB4490628 update was missing on my machine. After installing KB4490628 (from March 2019), the August 2019 security update for Windows 7 SP1 and Windows Server 2008 R2 was successfully installed.

  29. prisoner_of_windows says:

    Thank you so much for posting this, and thank you for explaining the root cause instead of just showing a list of steps as some others do. You’re a hero!

  30. Win 7 Loyalist says:

    Yes, thank you very much for researching and posting this information with the detailed background and explanation of the root cause, and thanks to the commenters for reporting on their experiences. I found I already had KB4474419 installed and only needed KB4490628. Once I installed KB4490628, I was then able to install KB4512506, the 2019-08 Security Monthly Quality Rollup that had failed to install and that gave the 0x80092004 error.

    With 10 years running Win 7 (since the initial release), I can perhaps forgive a few hiccups in the OS. For the most part, Win 7 has aged like fine wine. However, if I were to consider the problems that have taken the most time for me to research and resolve, particularly since 2016, the chief culprit is probably Windows Update.

  31. Barna says:

    Very good article. It definitely did help for me. KB4490628 was missing in my case. Many thanks.

  32. another one says:

    Omg thank you so much 1 million blessings to you 1 million thank you. may the universe forever provide you with infinite energy

  33. Ian says:

    Excellent article – thank you. KB4474419 and KB4490628 worked for me.

    I am making a fresh installation of Win7 so it is pretty bad from MS that even a clean install can’t be fully patched without having to find answers to problems like this.

  34. Fedez says:

    thank you so much. KB4474419 was already installed.
    KB4490628 have fixed problems. You are great!

  35. Jan says:

    it works for me as well after installing KB4490628
    kb4474419 was already installed.

    Thanks a lot!

  36. Robert Chiru says:

    Thanks a lot!

    It works on windows server 2008 R2 machine!

  37. Dave says:

    Yep, missing KB4490628 was the culprit

  38. Craig says:

    My laptop was a depot repair with a new Win7 install. Initial Windows 7 updates didn’t install 4490628. After install everything worked great. Thanks for the effort!!

  39. Anthony Maw says:

    thanks the solutions posted here about requiring the pre-requisite files kb4490628 and kb4474419 confirmed fixed my problem with error 0x80092004 on trying to install KB4512506. Some organizations choose to only install Critical and Security Update categories using WSUS or SCCM so these updates must be “optional” category even though they should be “critical” to continue getting security updates later. Somebody was really sleeping at Microsoft office.

  40. naozmzm says:

    KB4490628 and KB4474419 v3 are both installed on my windows 7 computer, and yet I can’t install many patchs including : KB4531786, KB4490128, KB4534314…

    • guenni says:

      Have you checked the integrity of your system with sfc /scannow in an administrative commend prompt window?

      It seems, that something with crypting is broken.

      • Christian Brom says:

        I have the same problem – KB4490628 and KB4474419 v3 are installed on my Windows 7 Pro and I can not install new patches.

        Running “sfc /scannow” with admin rights returns no errors. So this does not help either.

        I tried the wsus offline installer with current patches did not fix the problem, even not other update collections.

        Getting deeper into that issue by hiding the monthly update for January 2020 (and then the other monthly updates before) I found out that this problem starts with monthly update of August 2019.

  41. Lourens says:

    Getting the same issue on 2x 2008R2 servers.
    I had to install KB4490628, KB4474419 was already installed.
    Scannow and ran system update readiness ( same issue.

  42. Martin says:

    I installed Servicing Stack Update KB4490628 as suggested and was finally was able to install 3 updates that had been failing, one since October.

  43. Frank says:

    After installing the two KB’s I was able to update windows. Thnks

  44. Thomas says:

    Thanks! After manually installing KB4490628 I finally succeeded in installing the recommended updates which failed for months!

  45. Marcelo says:

    Thank you!
    I could install all updates now.

  46. Chris says:

    Many thanks. I got a laptop to repair after someone had spilled milky sweet coffee over the keyboard. (They denied they’d done it, but the evidence was there to see. It might have been vomit though.) Easy fix on a Dell E5500. I love these proper work oriented laptops. No need for pry tools and hot glue. The laptop hadn’t been updated for 4 years. Windows 7 32 bit. I ran the Microsoft Fixit tool and got most of the updates, but was blocked at the last hurdle. KB4490628 sorted it. Thanks again.

  47. HCG says:

    Thank you from Spain…

    Save my day

  48. Bill says:

    Thank you this cured my system as well.

  49. Aldus says:

    The two updates solved my Windows Home Server 2011 update problem. Thanks !

  50. maurits says:

    Dear reader,

    This is an important message.

    Companies and home users should take control over how things OS and hardware work. To begin with by replying to this message.

    Right now it’s investment after investment that does not really contribute anything.

    An example: 64-bits. The only thing it does is steal. In the first place, there are no reasons for a maximum of 4 GB internal memory in 32-bits systems. This is just a short example. (I unlocked this memory lock with a small software*)

    If this post doesn’t lead anywhere, I think it is better if I delete it.

    I came here through here:

    When installing KB4490628 (I didn’t do a restart), also those stuck updates now did install. Though my system could not boot into Windows. In my boot menu I chose the other option, which is the same OS. That small software that unlocks the memory puts two boot entries in the boot menu. One is, where the lock is still there. I could boot into that. And then probably unlock again to be able to boot into the other option again. (I don’t mean this happens all the time. Not to me. Though I am not a “update fetisjist”. Pardon my French). I looks like it only updates basically cause problems with this.

Leave a Reply

Your email address will not be published. Required fields are marked *