I’m running Vista SP2, CIS 3.10.102363.531, 32-bit.
When I attempted to upgrade (using Windows Update) to SP2 back when I was running SP1, the upgrade failed and my catdb (catalog database in C:\Windows\system32\catroot2, used by Cryptographic Services) was corrupt. I waited around 10 hours for the database to be rebuilt, and tried again. The upgrade failed again and catdb was corrupt again. I tried again, this time disabling D+ and the firewall. The database was rebuilt in around 2 minutes and the upgrade succeeded!
I’ve just had a problem with installing updates again. This time the entire system froze. When I restarted Windows, catdb was corrupt. I waited a few hours for the database to be rebuilt. Here are some messages from dberr.txt (in C:\Windows\system32\catroot2) over a few hours:
CatalogDB: 11:10:18 AM 15/08/2009: Adding Catalog File: Package_for_KB956744_client_0~31bf3856ad364e35~x86~~6.0.1.8.cat
CatalogDB: 11:10:20 AM 15/08/2009: catdbcli.cpp at line #391 encountered error 0x000006bb
CatalogDB: 11:10:20 AM 15/08/2009: catadnew.cpp at line #577 encountered error 0x000006bb
CatalogDB: 11:10:20 AM 15/08/2009: DONE Adding Catalog File: Package_for_KB956744_client_0~31bf3856ad364e35~x86~~6.0.1.8.cat
CatalogDB: 11:10:20 AM 15/08/2009: Adding Catalog File: Package_5_for_KB956744~31bf3856ad364e35~x86~~6.0.1.8.cat
CatalogDB: 11:10:22 AM 15/08/2009: catdbcli.cpp at line #391 encountered error 0x000006bb
CatalogDB: 11:10:22 AM 15/08/2009: catadnew.cpp at line #577 encountered error 0x000006bb
CatalogDB: 11:10:22 AM 15/08/2009: DONE Adding Catalog File: Package_5_for_KB956744~31bf3856ad364e35~x86~~6.0.1.8.cat
But then I thought of disabling D+. I did, and the entire database finished rebuilding in 1 minute:
CatalogDB: 11:28:38 AM 15/08/2009: SyncDB:: AddCatalog: ntexe.cat
CatalogDB: 11:28:40 AM 15/08/2009: SyncDB:: AddCatalog: ntpe.cat
CatalogDB: 11:28:40 AM 15/08/2009: SyncDB:: AddCatalog: ntph.cat
CatalogDB: 11:28:40 AM 15/08/2009: SyncDB:: AddCatalog: ntprint.cat
CatalogDB: 11:28:40 AM 15/08/2009: SyncDB:: AddCatalog: oem10.CAT
CatalogDB: 11:28:40 AM 15/08/2009: SyncDB:: AddCatalog: oem12.CAT
CatalogDB: 11:28:40 AM 15/08/2009: SyncDB:: AddCatalog: oem2.CAT
CatalogDB: 11:28:40 AM 15/08/2009: SyncDB:: AddCatalog: oem3.CAT
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: oem4.CAT
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: oem5.CAT
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: oem6.CAT
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: oem7.CAT
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: oem8.CAT
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: Package_10_for_KB935509~31bf3856ad364e35~x86~~6.0.1.9.cat
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: Package_10_for_KB938371~31bf3856ad364e35~x86~~6.0.2.27.cat
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: Package_10_for_KB948465~31bf3856ad364e35~x86~en-US~6.0.1.18005.cat
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: Package_10_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat
CatalogDB: 11:28:41 AM 15/08/2009: SyncDB:: AddCatalog: Package_10_for_KB961371~31bf3856ad364e35~x86~~6.0.1.4.cat
...
Is this a bug in CIS?
PS: For those of you who don’t know what the catalog database does - if it’s corrupt and you attempt to start Microsoft programs using “Run as Administrator”, instead of the usual grey prompt you will get an orange prompt telling you the program is “unidentified” even though it comes from Microsoft. This is because the database is corrupt and file signature verification using the catalogs won’t work. I’m guessing this is also why Windows Update fails when the database is corrupt.