WCF uses the http.sys kernel-mode http driver on most platforms to receive HTTP messages. The kernel-mode driver allows different services to share the same port for HTTP communication and, when running in IIS, allows messages to be received while the service is dormant.

The http.sys driver is configured to automatically start so that it can begin handling requests. On some systems the http.sys driver can get into a configuration that deadlocks on startup. This causes all of the dependent services using the driver to fail to start.

You might be experiencing this problem if all of the services dependent on the http.sys driver fail to start and running the sc querylock command indicates that the SCM database lock is being held by the NT Service Control Manager forever after starting up the system.

Since one of the other parties in the deadlock appears to be the cryptographic services, adding this dependency explicitly may provide a workaround for the problem. You can do this by running the following command:

sc config http depend= cryptsvc

You need to be an administrator to change the system configuration and the exact spacing in the command is important.