STATUS_NO_SUCH_PACKAGE (0XC00000FE) – Authentication Package Unknown
Windows can't find or load a security package during logon. Usually a corrupted Kerberos or NTLM registry entry. Fixing the registry or repairing Windows Authentication resolves it.
Cause #1: Corrupted Kerberos or NTLM Registry Entries
What's actually happening here is that the Local Security Authority (LSA) can't find the DLL for the Kerberos or NTLM authentication package. When Windows boots and tries to initialize security packages, it reads the Authentication Packages value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa. If those entries point to a missing or corrupted file—like after a failed Windows Update, antivirus cleaning, or manual registry editing—you get 0XC00000FE.
This shows up right at logon, sometimes even before you enter a password. You'll see a black screen or a message box saying "A specified authentication package is unknown." On domain-joined machines, it's often Kerberos that's broken. On workgroup systems, it's usually NTLM.
Fix: Restore the Authentication Packages Registry Values
- Boot from Windows installation media or a recovery drive. You can't fix this from inside the broken OS because you can't log on.
- Press Shift + F10 at the setup screen to open a command prompt.
- Run
regeditand select theHKEY_LOCAL_MACHINEhive. Go toFile > Load Hiveand load theC:\Windows\System32\config\SYSTEMfile from your broken installation. Give it a temporary name likeBrokenSys. - Navigate to
BrokenSys\ControlSet001\Control\Lsa. Look at theAuthentication Packagesmulti-string value. You should seemsv1_0as the first entry. Some systems also havekerberosafter it. If the entry is empty, missing, or has garbage likemsv1_0.dll(with the extension—it shouldn't have one), that's your problem. - Set
Authentication Packagesto exactly this, one entry per line:
If you're on a domain-joined system, addmsv1_0kerberoson a second line. Also checkSecurity Packagesin the same key—it should contain justnegoexts. - Unload the hive: select
BrokenSys, thenFile > Unload Hive. - Reboot normally.
The reason step 3 works is that you're bypassing the broken OS's security stack entirely. The registry hive is just a file at that point. Loading it into a running regedit instance lets you edit it as raw data.
Cause #2: Missing or Corrupted Security Package DLLs
Sometimes the registry entries are fine, but the actual DLLs—msv1_0.dll, kerberos.dll, or negoexts.dll—are missing or damaged. This happens more often than you'd think after antivirus tools quarantine a "suspicious" system file, or after a botched hotfix uninstall.
The error is identical: 0XC00000FE. But the registry looks correct. You need to verify the files exist and are signed.
Fix: Replace Missing DLLs from a Known-Good System
- Boot from Windows installation media again.
- Open command prompt with Shift + F10.
- Run
sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows. ReplaceC:with your actual system drive letter. - If SFC can't fix it, manually copy these DLLs from a matching Windows version (same build number, same architecture):
Wherecopy D:\Windows\System32\msv1_0.dll C:\Windows\System32\msv1_0.dll
copy D:\Windows\System32\kerberos.dll C:\Windows\System32\kerberos.dll
copy D:\Windows\System32\negoexts.dll C:\Windows\System32\negoexts.dllD:is the drive with the good Windows installation. - Also check
C:\Windows\SysWOW64if you're on a 64-bit system copy the 32-bit versions too.
Don't skip checking the SysWOW64 folder. The 32-bit LSA process uses those on 64-bit Windows, and missing 32-bit DLLs cause the exact same error on logon.
Cause #3: Third-Party Security Software Interference
Some enterprise endpoint protection—Symantec Endpoint Protection, McAfee, or even older versions of Malwarebytes—registers its own authentication packages in the registry. If that software is partially uninstalled or its DLL is removed before the registry entry is cleaned up, Windows tries to load a package that no longer exists.
This one's sneaky because the registry will have an extra entry like symantec_ips or mcafee_mpf in the Authentication Packages list, alongside the standard ones.
Fix: Remove Orphaned Third-Party Entries
- Boot from recovery media, load the SYSTEM hive as described in Cause #1.
- Navigate to the Lsa key. Look for any entry in
Authentication PackagesorSecurity Packagesthat doesn't correspond to a known Windows DLL. - Delete those entries. Keep only
msv1_0and optionallykerberos. - Unload the hive and reboot.
The fix is the same as Cause #1, but the root cause is different. You're not restoring a corrupted entry—you're removing a dangling reference. The error goes away as soon as Windows no longer tries to load a nonexistent DLL.
Quick-Reference Summary
| Cause | What to Check | Fix |
|---|---|---|
| Corrupted registry entry | Authentication Packages under HKLM\...\Lsa | Set to msv1_0 (and kerberos for domain PCs) |
| Missing DLLs | msv1_0.dll, kerberos.dll, negoexts.dll | Run SFC offline or manually copy from good installation |
| Orphaned third-party package | Extra entries in Authentication Packages | Remove non-Microsoft entries from registry |
All three fixes require booting from external media because you can't log in to fix it from inside the broken OS. Keep a Windows USB stick handy—it's the only way out of this one.
Was this solution helpful?