WSUS: Encryption Key Cannot be Retrieved


You may see an error when trying to make changes to the synchronization options such as trying to set a proxy server password or changing the time for synchronization. The error looks like:

System.Security.Cryptography.CryptographicException: The encryption key cannot be retrieved. —>

System.Security.Cryptography.CryptographicException: An error occurred in the DPAPI. HRESULT: 0x800F0005 at Microsoft.UpdateServices.Internal.DataProtectionApi.Decrypt(Byte[] toDecrypt, Byte[] entropy, EncryptionLevel level) at

This is what you get when you click on the show details button:

— End of inner exception stack trace —

at Microsoft.UpdateServices.Internal.EncryptionUtilities.GetEncryptionKey()
at Microsoft.UpdateServices.Internal.EncryptionUtilities.EncryptString(String stringToEncrypt)
at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.set_Proxy Password(String value)
<SNIP>.Manage.Subscriptions.SubscriptionProxy.SaveSynchronizationValues(XPostHandler& xPostHandler)
at Administration.Manage.Subscriptions.SubscriptionProxy.ValidateSynchronizationValues(String xPostXml)
at Administration.Manage.Subscriptions.SubscriptionXPost.Page_Load(Object sender,EventArgse)


On Windows 2003 Server, make sure the NetworkService account has read access to the system drive. You can use the CACLS command to adjust the ACLs.


For Windows Server 2003 a possible cause is that the NetworkService user account does not have read access to root drive of %systemdrive%.

Leave a Reply

Your email address will not be published. Required fields are marked *