How to fix error installing .NET Framework 1.1 SP1 on a computer that has MS05-004 installed

  • Article

I recently encountered a .NET Framework setup problem that is not described in my previously published .NET Framework hotfix/service pack troubleshooting guide while doing some testing for the upcoming version of Windows Media Center. I installed a computer with Windows XP Media Center Edition 2005, the .NET Framework 1.1 and .NET Framework hotfix 886904 (MS05-004). Then I went to Windows Update and found that it detected that I needed to install the .NET Framework 1.1 SP1 and it classified this as a high-priority update. When I tried to install it from Windows Update, it failed for me with a generic "installation failed" error message.

Of course, being the setup geek that I am, I wanted to figure out what was happening behind the scenes. So I downloaded the setup package for the .NET Framework 1.1 SP1 from this location and ran it with full UI (instead of letting Windows Update run it for me in silent mode). When I did this, I saw this error message:

.NET Framework 1.1 SP1 error dialog

This error message started me on the right track to find the solution to my problem. I decided to check in Add or Remove Programs first to see if there were any hotfixes for .NET Framework 1.1 listed, and I found one named Microsoft .NET Framework 1.1 hotfix (KB886904) . Once I uninstalled that hotfix and rebooted, I was able to return to Windows Update and successfully install the .NET Framework 1.1 SP1.

Ordinarily, .NET Framework service packs have logic built into their setup packages to automatically uninstall hotfixes and then apply the SP. That was not possible in this scenario because the fix for MS05-004 was not included in .NET Framework 1.1 SP1. The underlying security vulnerability was found after .NET 1.1 SP1 was tested and signed off on within Microsoft but before it went live on Windows Update. Since .NET 1.1 SP1 did not have this fix, it did not have knowledge of the hotfix package for MS05-004 and was not able to automatically remove it. That is also why you see a new version of MS05-004 offered on Windows Update immediately after you install .NET Framework 1.1 SP1 (this time it is named KB886903 instead of KB886904). Future service packs for the .NET Framework 1.1 will have the fix for this issue included, so you will not see this error message if, for example, you try to install the .NET Framework 1.1 SP2 on a computer with 1.1 and KB886904 installed in the future when 1.1 SP2 is available.

It is unfortunate that this type of setup scenario leads to a generic failure on Windows Update and does not help the average user find the solution to the problem. I am not sure how many computers will have the exact combination of .NET 1.1 + MS05-004 installed before trying to install .NET 1.1 SP1, but hopefully if anyone does run into this they will be able to use the lesson I learned above to resolve the problem.