Windows 10 January update fails on KB5034441 with error 0x80070643

See here to see what it is all about. It's a Microsoft big mess.

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034441-security-update-fails-with-0x80070643-errors/

I deleted the Software Distribution files with BleachBit, and then paused Automatic Updates for 7 days since I don't want it to keep trying to install. I'll let Microsoft fix it at some point, and I'm not messing around with resizing partitions to accommodate an update I can care less about.

It installed without a problem here on patch Tuesday:

image.png

I do have a 900 MB Recovery partition, - but it only has 298 MB used.

image.png

It installed because of your recovery partition size (900MB)

By default it is around 500 or 522 MB at install of operating system. Microsoft wants you to add 250MB by resizing it through Disk Management yourself.

They resized Win 11 users partitions for them, there is no reason why the cannot do the same for Win 10.

I dread to think of how many millions of machines this has affected.

Also how many people tried to resize it themselves and now have no working machine.

Well I don't know why mine is 900 MB, it's just what was there and I haven't resized it.

AFAIK it's always been that size since the machine was new with Win 8.1 Bing on it, but it's the kind of thing you don't really pay attention to unless you have to.

It was originally a 1TB HDD in this laptop, and I did shrink the C: partition before cloning it to a 500GB SSD, but that's the only change I've made to partition sizes.

I can't imagine a million grandpas and grandmas going through all the fixit steps I see listed on other forums.

Is microsoft going to fix this for us non-tekkies, you think?

M$ are going to have to come up with an easier fix, as you say resizing partitions is not something that most would want to get involved with.

Of couse being M$ whatever they do come up with might (probably will) 'break' something else for some users.

Probably the best would be to get the new image file update down to below 500MB if they can.

It's my belief that modern programmers have got lazy about optimizing the size of what they create because there is usually a lot of storage space available compared to 'the old days'. (Just look at how much space the CCleaner folder now takes compared to what it used to be).

It appears that the KB has been pulled, nothing official;y announced yet but users report that it is no longer trying to install.

As the update isn't even needed on Win10 Home, which doesn't have Bitlocker, it's taken them long enough to pull it.

The biggest problem for a quick fix seems to be that many OEMs have put the recovery partition before the OS partition, that is contrary to MS guidance for OEMs and means that it cannot now be easily expanded.

From MS:

<a href="https://support.microsoft.com/en-gb/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8" ipsnoembed="true" rel="external nofollow">https://support.microsoft.com/en-gb/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8</a><br type="_moz">

Quote
<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<p>
		 
	</p>

	<p>
		<b class="ocpLegacyBold">IMPORTANT</b>
	</p>

	<p>
		This update requires 250 MB of free space in the recovery partition to install successfully. If the recovery partition does not have sufficient free space, this update will fail. In this case, you will receive the following error message: 
	</p>

	<p>
		<b class="ocpLegacyBold">0x80070643 - ERROR_INSTALL_FAILURE </b>
	</p>

	<p>
		To avoid this error or recover from this failure, please follow the Instructions to manually resize your partition to install the WinRE update and then try installing this update.
	</p>

	<p>
		 
	</p>
</div>
Quote
				<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
					<table aria-label="" class="banded flipColors">
						<tbody>
							<tr>
								<td>
									<p>
										When you try to apply this update on a PC that has no recovery partition, the update is unsuccessful and you receive the error <b class="ocpLegacyBold">0x80070643 ERROR_INSTALL_FAILURE</b>.
									</p>
								</td>
								<td>
									<p>
										You do not need this update if the PC does not have a recovery partition. In this case, the error can be safely ignored.  
									</p>

									<p>
										We are working on a resolution and will provide an update in an upcoming release. 
									</p>
								</td>
							</tr>
						</tbody>
					</table>
				</div>
			</blockquote>
		</td>
	</tr>
</tbody>
3 hours ago, nukecad said:
<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<p>
		The biggest problem for a quick fix seems to be that many OEMs have put the recovery partition before the OS partition, that is contrary to MS guidance for OEMs and means that it cannot now be easily expanded.
	</p>

	<table aria-label="" class="banded flipColors">
		<tbody>
			<tr>
				<td>
					 
				</td>
			</tr>
		</tbody>
	</table>
</div>

That's the problem when everyone does their own thing, i.e.; no official standards, not that any would follow "standards" anyway.

I have two recovery partitions, the first after the OS partition is 548MB, then the next after it is 1GB. Both too full to install the useless update that isn't for Win10 Home. That's why I'm not worried about it. They probably want to update systems that features aren't available on since they're essentially already installed just not usable unless someone knows how to force them to be available like how Group Policy Editor can be enabled on Win10 Home since it's already installed.

It installed on one of my Win10 PCs, but failed on the other one. Once I read what the cause of the problem was, I used AOMEI Partition Assistant which I had bought years ago to resize the partitions and increased the recovery partition enough so that the update would install.

But I agree that this would be an impossible work around for a non-techie user to figure out. Messing around with partitions is very risky if you don't know what you are doing. About as dangerous as editing the Registry.

KB5034441.jpg

Quote
<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<p>
		Next steps: We are working on a resolution and will provide an update in an upcoming release.
	</p>
</div>

https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-21H2#3231msgdesc

It tried to install again on my laptop last night, failed again. And they seem to be pre-loading something in C:\$WinREAgent with a new update.wim.

2 hours ago, Andavari said:
<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<p>
		It tried to install again on my laptop last night, failed again. And they seem to be pre-loading something in C:\$WinREAgent with a new update.wim.
	</p>
</div>

They have said they will fix it in a future update.

Microsoft sent a fix which doesn't work for bitlocker which my OS (win 10 home) doesn't have. Apparently it is too big for the recovery partition which I DO have but don't know why. Now they seem to have pulled the update but this computer is still trying to get it.

Now they have issued convoluted repair instructions which have failed for many users who are much tekkier that I am.

I'm certainly not going to try CMD as administrator + reagent c + powershell + diskpart + wushowhide + Minitool + whatever.

I maybe could, after all I can read, but I won't.

IMHO, its 50/50 odds that they don't fix it.

Just when you thought it was safe to go back in the water . . . :lol:

20 hours ago, login123 said:
<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<p>
		IMHO, its 50/50 odds that they don't fix it.
	</p>

	<p>
		Just when you thought it was safe to go back in the water . . . <img alt=":lol:" data-emoticon="" src="<fileStore.core_Emoticons>/emoticons/default_laugh.png" title=":lol:"> 
	</p>

	<p>
		 
	</p>
</div>

It will be 10 years in April of this year that they discontinued Windows XP updates, and I still run an old XP desktop for audio related stuff. And in those nearly 10 full years that old XP desktop hasn't had one damn thing (Microsoft) mess it up - of course using real-time protection antivirus on it and don't browse any websites whatsoever on it either.

It's a security fix for an exploit that's unlikely ever to affect a home user, (unlikely to ever affect anyone), so quietly dropping it may well be their chosen option.

As with a lot of security 'issues' these days the fixes provided are overkill for the vast majority of users, but needed or not they get pushed to them all anyway.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666

Quote
<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<p>
		A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. <strong>An attacker with <u>physical access to the target</u></strong> could exploit this vulnerability to gain access to encrypted data.
	</p>
</div>

In other words to even try exploiting the Bitlocker bypass vulnerability the hacker world have to be already logged on to your machine as Administartor.

How has the security software industry managed to convince everyone that they need to have government/military level security on their home computers?

It's paranoia running rampant, with millions being paid each year for levels of home computer security that just isn't needed.


You should match your security measures to the actual (expected) level of threat.

That's why for years I've used GRC InSpectre to disable the Meltdown and Spectre patches so my Intel 4 Core 8 Thread laptop CPU does run like ****.

I finally used wushowhide to hide KB5034441. Windows 10 home.

After using it, the many "failed to install" notifications disappeared from my update history.


Hadn't expected that, but it's good.


Now KB5034441 doesn't show up and slow the update process as it tries to install. Also good.

Is it true that wushowhide only works if you're connected to the 'net when you run it?

It seemed so here. But I didn't notice that in the instructions, maybe I overlooked it.

I had downloaded something (don't remember exactly what it's called at this time) to disable that particular update, and two supposed driver updates; 1 from Acer which I have a years newer version of already installed, and 1 from Intel that has no description.

FWIW, regular updates are still working properly here, AND KB5034441 never rears its ugly head.