When attempting to install the Windows KB5034441 security update for BitLocker on Patch Tuesday millions of Windows 10 users are greeted by the 0x80070643 errors and the installation is failing.
After the failed installation, the PC would reboot with a failed installation message and ask users to try again.
The error stated that,
“There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643).”
The update brought a BitLocker encryption bypass that allows users to access encrypted data.
So basically, Microsoft is installing a new version of the Windows Recovery Environment (WinRE) that fixes the BitLocker vulnerability.
Microsoft has also shared a solution to fix the aforementioned problem, so feel free to follow it if you’re facing the issue,
- Open the Command Prompt window (cmd) as admin.
- To check the WinRE status, run reagentc /info. If the WinRE is installed, there should be a “Windows RE location” with a path to the WinRE directory. An example is, “Windows RE location: [file://%3f/GLOBALROOT/device/harddisk0/partition4/Recovery/WindowsRE]\\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE.” Here, the number after “harddisk” and “partition” is the index of the disk and partition WinRE is on.
- To disable the WinRE, run reagentc /disable
- Shrink the OS partition and prepare the disk for a new recovery partition.
- To shrink the OS, run diskpart
- Run list disk
- To select the OS disk, run sel disk<OS disk index> This should be the same disk index as WinRE.
- To check the partition under the OS disk and find the OS partition, run list part
- To select the OS partition, run sel part<OS partition index>
- Run shrink desired=250 minimum=250
- To select the WinRE partition, run sel part<WinRE partition index>
- To delete the WinRE partition, run delete partition override
- Create a new recovery partition.
- First, check if the disk partition style is a GUID Partition Table (GPT) or a Master Boot Record (MBR). To do that, run list disk. Check if there is an asterisk character (*) in the “Gpt” column. If there is an asterisk character (*), then the drive is GPT. Otherwise, the drive is MBR.
- If your disk is GPT, run create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac followed by the command gpt attributes =0x8000000000000001
- If your disk is MBR, run create partition primary id=27
- To format the partition, run format quick fs=ntfs label=”Windows RE tools”
- First, check if the disk partition style is a GUID Partition Table (GPT) or a Master Boot Record (MBR). To do that, run list disk. Check if there is an asterisk character (*) in the “Gpt” column. If there is an asterisk character (*), then the drive is GPT. Otherwise, the drive is MBR.
- To confirm that the WinRE partition is created, run list vol
- To exit from diskpart, run exit
- To re-enable WinRE, run reagentc /enable
- To confirm where WinRE is installed, run reagentc /info
If you carefully follow these steps the update will install flawlessly.
