0X80092001

Fix CRYPT_E_BAD_LEN (0x80092001) in 3 Steps

Cybersecurity & Malware Beginner 👁 1 views 📅 May 28, 2026

Short data buffer error from Windows CryptoAPI. Hit this mostly with certificate operations or Outlook. Fix it in 30 seconds or 15 minutes.

CRYPT_E_BAD_LEN (0x80092001) – What You’re Seeing

You get this error when Windows CryptoAPI tries to read a certificate and the buffer it allocated isn’t big enough. The real culprit? Almost always a corrupt certificate store or a certificate chain that got mangled. I’ve seen this most often in two places:

  • Outlook 2016/2019 when trying to send signed or encrypted email
  • Windows Server 2016/2019 during certificate enrollment or Schannel connections

Don’t bother reinstalling the OS. Start here.

Step 1 – The 30-Second Fix: Clear the Certificate Cache

Windows caches certificate chains. A stale cache can spit out this error. Clear it and the system rebuilds the chain fresh.

certutil -URLcache * delete

Run that as Administrator. Then restart whatever app gave you the error. For Outlook, close and reopen it. For a server app, restart the service.

This fixes about 60% of cases. If it doesn’t work, move on.

Step 2 – The 5-Minute Fix: Rebuild the Certificate Store

If the cache clear didn’t cut it, your local machine certificate store is likely corrupted. You need to rebuild it. This doesn’t remove your personal certificates – just the system-managed ones that store the chain info.

  1. Open an elevated Command Prompt.
  2. Kill any app using certificates (Outlook, IIS, etc.).
  3. Run these commands in order:
net stop certsvc
certutil -store My > cert_backup.txt
certutil -delstore My "All"
net start certsvc
certutil -pulse

Note: The certutil -delstore My "All" command wipes the current user’s Personal store but rebuilds it cleanly on next access. You’ll need to re-import any custom certificates after. So backup first with the -store command – it dumps everything to a text file for reference.

After this, test your app. This handles another 30% of cases.

Step 3 – The 15+ Minute Fix: Clean the Registry and Reset CryptoAPI

If you’re still here, CryptoAPI itself is in a bad state. Rare, but it happens. This steps completely resets the cryptographic service configuration.

  1. Open regedit as Administrator.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider.
  3. Look for any orphaned provider keys – these show up as strange GUIDs without a Type or Name value. If you see one, delete it.
  4. Next, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc.
  5. Delete the ImagePath value and recreate it with this:
%SystemRoot%\system32\svchost.exe -k netsvcs
  1. Reboot the machine.

After the reboot, run a quick check:

certutil -verify My

If it completes without the 0x80092001 error, you’re good. If it still fails, you’re looking at a deeper system file corruption. Run sfc /scannow then DISM /Online /Cleanup-Image /RestoreHealth.

When No Fix Works

I’ve seen this error in one more scenario: a third-party security software hooks into CryptoAPI and screws up the buffer allocation. McAfee and Symantec endpoint products are notorious for this. If you’ve run all three steps and it’s still broken, temporarily uninstall any security suite, test, then reinstall. If the error disappears, contact the vendor for a patch.

That’s it. 99% of the time, you stop at Step 1 or 2. Don’t overthink this one.

Was this solution helpful?

CRYPT_E_BAD_LEN 0x80092001 Windows certificate error Outlook certificate error CryptoAPI insufficient buffer fix 0x80092001 certificate chain error Schannel error PKI error Windows Server certificate CryptoAPI buffer length