Fix CRYPT_E_NOT_FOUND (0x80092004) — Object or Property Missing

Quick Answer

Run certmgr.msc and check for missing or corrupted certificates in the Trusted Root Certification Authorities store. If that's clean, clear the Windows update cache and re-register crypt32.dll.

What's Actually Happening

You're seeing CRYPT_E_NOT_FOUND (0x80092004) when Windows tries to validate a digital signature or access a certificate store. I've seen this most often when installing unsigned drivers, updating software from a shady source, or after a failed Windows Update. The system is telling you, plain and simple: “I can't find the cryptographic object or property I need.”

It's not a hardware issue, and it's rarely malware. It's almost always a corrupted certificate store, a missing root certificate, or a bad registry entry. Had a client last month whose entire print queue died because of this—turns out a driver update broke the certificate chain for the print spooler.

Fix Steps

1. Check Your Certificate Store

1. Press Win + R, type certmgr.msc, hit Enter.
2. Expand Trusted Root Certification Authorities > Certificates.
3. Look for any certificate with a red X or that says "This certificate has expired" or "The root certificate is not trusted."
4. If you see a bad one, right-click it, choose Delete. Be sure you know what you're deleting—don't nuke Microsoft root certs.

If the store looks clean, move on.

2. Clear Windows Update Cache

This error often triggers during a failed update. Here's the hard reset:

1. Open Command Prompt as admin. Run:

net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver

3. Re-register Crypt32.dll

Open Command Prompt as admin and run:

regsvr32 /s crypt32.dll

You won't get a confirmation message if it works. If it fails, you've got a corrupted system file—run SFC next.

4. System File Checker

1. Open Command Prompt as admin.
2. Run sfc /scannow. This can take 15–30 minutes.
3. If it finds corrupt files but can't fix them, run DISM /Online /Cleanup-Image /RestoreHealth

Had a server where DISM alone fixed it—turns out the component store was borked from a botched security update.

5. Check for Expired Root Certificates

Some software installers need specific root certificates that may have expired. For example, the VeriSign Class 3 Public Primary Certification Authority expired in 2020. If an old app uses that, you'll get this error.

Download and install the latest root certificate update from Microsoft: KB931125.

Alternative Fixes

If the Error Occurs in a Specific App

Check the app's installation folder for a .cer or .pfx file. Right-click it, choose Install Certificate, and place it in Trusted Root Certification Authorities. I've done this for old VPN clients and POS software that ship their own certs.

If You're Installing a Driver

Disable driver signature enforcement temporarily:

1. Hold Shift while clicking Restart in the Start menu.
2. Go to Troubleshoot > Advanced options > Startup Settings > Restart.
3. Press F7 to disable driver signature enforcement.

This is a band-aid, not a fix. Use only to get the driver installed, then re-enable it.

Registry Cleanup (Advanced)

If you're comfortable in Regedit:

1. Back up your registry first.
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates.
3. Look for orphaned entries under TrustedRoot or Disallowed that reference missing certificates. Delete them carefully.

Rarely needed, but I've seen a corrupt registry entry cause this error on every boot.

Prevention Tip

Keep your root certificates updated automatically with Windows Update. If you're on an old OS like Windows 7, install the Root Certificate Update manually. Also, never download certificate files from sketchy websites—always get them from the software vendor directly.

Had a client who downloaded a “free” VPN installer that planted a self-signed cert in the disallowed store. That caused 0x80092004 for weeks until we found it. Stick to official sources.