diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
index 6cabaea73..f07ba8db3 100644
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@@ -261,6 +261,26 @@ _keybox_close_file (KEYBOX_HANDLE hd)
 }
 
 
+/* Close all the files associated with the resource identified by TOKEN.  */
+void
+keybox_close_all_files (void *token)
+{
+  KB_NAME resource = token;
+  KEYBOX_HANDLE roverhd;
+  int idx;
+
+  if (!resource)
+    return;
+
+  for (idx=0; idx < resource->handle_table_size; idx++)
+    if ((roverhd = resource->handle_table[idx]) && roverhd->fp)
+      {
+        es_fclose (roverhd->fp);
+        roverhd->fp = NULL;
+      }
+}
+
+
 /*
  * Lock the keybox at handle HD, or unlock if YES is false.
  * Lock the keybox at handle HD, or unlock if YES is false.  TIMEOUT
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 53ed66b67..263a16617 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -814,6 +814,10 @@ keybox_search_reset (KEYBOX_HANDLE hd)
 
   if (hd->fp)
     {
+#if HAVE_W32_SYSTEM
+      es_fclose (hd->fp);
+      hd->fp = NULL;
+#else
       if (es_fseeko (hd->fp, 0, SEEK_SET))
         {
           /* Ooops.  Seek did not work.  Close so that the search will
@@ -821,6 +825,7 @@ keybox_search_reset (KEYBOX_HANDLE hd)
           es_fclose (hd->fp);
           hd->fp = NULL;
         }
+#endif
     }
   hd->error = 0;
   hd->eof = 0;
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 565274c10..f90ea1c83 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -70,6 +70,8 @@ int keybox_is_writable (void *token);
 
 KEYBOX_HANDLE keybox_new_openpgp (void *token, int secret);
 KEYBOX_HANDLE keybox_new_x509 (void *token, int secret);
+void keybox_close_all_files (void *token);
+
 void keybox_release (KEYBOX_HANDLE hd);
 void keybox_push_found_state (KEYBOX_HANDLE hd);
 void keybox_pop_found_state (KEYBOX_HANDLE hd);
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 36afd2231..e024ee7f8 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -505,6 +505,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
   struct inq_certificate_parm_s parm;
   struct isvalid_status_parm_s stparm;
 
+  keydb_close_all_files ();
+
   rc = start_dirmngr (ctrl);
   if (rc)
     return rc;
@@ -775,6 +777,8 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, const char *uri,
   if ((names && uri) || (!names && !uri))
     return gpg_error (GPG_ERR_INV_ARG);
 
+  keydb_close_all_files ();
+
   /* The lookup function can be invoked from the callback of a lookup
      function, for example to walk the chain.  */
   if (!dirmngr_ctx_locked)
@@ -1043,6 +1047,8 @@ gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
   size_t len;
   struct run_command_parm_s parm;
 
+  keydb_close_all_files ();
+
   rc = start_dirmngr (ctrl);
   if (rc)
     return rc;
diff --git a/sm/keydb.c b/sm/keydb.c
index c4803f8b7..49d3404a3 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -375,6 +375,23 @@ keydb_add_resource (ctrl_t ctrl, const char *url, int force, int *auto_created)
 }
 
 
+/* This is a helper requyired under Windows to close all files so that
+ * a rename will work.  */
+void
+keydb_close_all_files (void)
+{
+#ifdef HAVE_W32_SYSTEM
+  int i;
+
+  log_assert (used_resources <= MAX_KEYDB_RESOURCES);
+  for (i=0; i < used_resources; i++)
+    if (all_resources[i].type == KEYDB_RESOURCE_TYPE_KEYBOX)
+      keybox_close_all_files (all_resources[i].token);
+#endif
+}
+
+
+
 KEYDB_HANDLE
 keydb_new (void)
 {
@@ -1080,6 +1097,7 @@ keydb_store_cert (ctrl_t ctrl, ksba_cert_t cert, int ephemeral, int *existed)
      records.  */
   keydb_set_ephemeral (kh, 1);
 
+  keydb_close_all_files ();
   rc = lock_all (kh);
   if (rc)
     return rc;
@@ -1165,6 +1183,7 @@ keydb_set_cert_flags (ctrl_t ctrl, ksba_cert_t cert, int ephemeral,
   if (ephemeral)
     keydb_set_ephemeral (kh, 1);
 
+  keydb_close_all_files ();
   err = keydb_lock (kh);
   if (err)
     {
@@ -1263,6 +1282,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
         }
     }
 
+  keydb_close_all_files ();
   err = keydb_lock (hd);
   if (err)
     {
@@ -1295,7 +1315,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
         }
     }
   if (rc && rc != -1)
-    log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
+    log_error ("%s failed: %s\n", __func__, gpg_strerror (rc));
 
  leave:
   xfree (desc);
diff --git a/sm/keydb.h b/sm/keydb.h
index f4db5d394..226cac226 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -33,6 +33,8 @@ typedef struct keydb_handle *KEYDB_HANDLE;
 /*-- keydb.c --*/
 gpg_error_t keydb_add_resource (ctrl_t ctrl, const char *url,
                                 int force, int *auto_created);
+void keydb_close_all_files (void);
+
 KEYDB_HANDLE keydb_new (void);
 void keydb_release (KEYDB_HANDLE hd);
 int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);