.NET 4.5 Installation failed with error code: (0x800B010B), "Generic trust failure”

Microsoft .NET Framework 4.0 Updates/Patches might fail during installation with the following error message "Generic trust failure."

As per the install failure log:

                           

C:\4048b65f65ff4dcceb\NDP40-KB2656405.msp - Signature verification for file NDP40-KB2656405.msp (c:\4048b65f65ff4dcceb\NDP40-KB2656405.msp) failed with error 0x800b010e (The revocation process could not continue - the certificate(s) could not be checked.)

[8/9/2012, 9:55:26] c:\4048b65f65ff4dcceb\NDP40-KB2656405.msp Signature could not be verified for NDP40-KB2656405.msp

[8/9/2012, 9:55:26]No FileHash provided. Cannot perform FileHash verification for NDP40-KB2656405.msp

File NDP40-KB2656405.msp (c:\4048b65f65ff4dcceb\NDP40-KB2656405.msp), failed authentication. (Error = -2146762482). It is recommended that you delete this file and retry setup again.

[8/9/2012, 9:55:26]Failed to verify and authenticate the file -c:\4048b65f65ff4dcceb\NDP40-KB2656405.msp 

Final Result: Installation failed with error code: (0x800B010B), "Generic trust failure. "

 
                            

The above error code indicates the below information:

# for decimal -2146762482 / hex 0x800b010e

  CERT_E_REVOCATION_FAILURE                                     

# The revocation process could not continue - the

# certificate(s) could not be checked.

Make sure that the following registry key is set on the system:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

If this setting still fails to install .NET then also make a change to the following registry key:

HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

The DWORD State value is 23c00.

............................................................................................................................................................

The above value indicates that revocation checks occur when validating the Authenticode digital signatures on downloaded programs and ActiveX controls.  You can find the settings from IE browser:

Tools, Internet Options, Advanced tab, you will find the two options which control revocation checking. Check for server certificate revocation controls whether revocation checks occur for HTTPS connections. Check for publisher’s certificate revocation controls whether revocation checks occur when validating the Authenticode digital signatures on downloaded programs and ActiveX controls.