Automate Recovery Partition | KB5034441 Fix

INTRO
Recently I was preparing a Windows Server 2022 build for a client and ran into Windows Update errors. As it turns out, KB5034441 patches a security vulnerability that could allow attackers to bypass BitLocker encryption through the Windows Recovery Environment (WinRE). Server 2022 shares its core with Windows 10 21H2, and Windows 10 21H2 and 22H2 are affected as well.
The update fails to install when the partition holding winre.wim does not have enough free space for the image to be expanded and serviced. In the case of MDT at least, the default layout hands the Recovery partition only the last 1% of the disk once the System and Windows partitions have been created, so if you installed Windows to a relatively small drive you will probably see KB5034441 refuse to install. So let's fix that.
LOCATE WINRE.WIM
Run reagentc /info from an elevated command prompt to verify where your Windows Recovery Environment image lives.
C:\Windows\system32>reagentc /info
Windows Recovery Environment (Windows RE) and system reset configuration
Information:
Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
Boot Configuration Data (BCD) identifier: fb41ccc1-d451-11ee-91bf-c792959b2d94
Recovery image location:
Recovery image index: 0
Custom image location:
Custom image index: 0
REAGENTC.EXE: Operation Successful.
As you can see in my output above, the Windows Recovery Environment image sits on my Recovery partition, which is partition 4 on disk 0. The script below hard-codes partition 4 and deletes it without any further check, so if the number is different on your machine, change it before running the script or you will wipe the wrong partition.
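Before repartitioning a machine it is worth confirming that the Recovery partition really is the problem. The following PowerShell is an added example (my code, not part of the original post): it parses the Windows RE location out of reagentc /info, resolves it to a partition with the Storage cmdlets, and reports the free space on it. The 250 MB threshold is my assumption, chosen to match the amount the script later on this page shrinks C: by; the parsing also assumes English reagentc output.

```powershell
# Added example (not from the original post). Reports whether the partition that
# holds WinRE has room for the KB5034441 servicing. Run from an elevated prompt.
# Assumptions: English reagentc output; $MinFreeMB = 250 is a chosen threshold.
param([int]$MinFreeMB = 250)
$ErrorActionPreference = 'Stop'

function Get-WinReLocation {
    # Parse the "Windows RE location" line of reagentc /info into disk/partition numbers.
    # Returns $null when WinRE is disabled (the image then lives under C:\Windows\System32\Recovery).
    $text = (reagentc /info) -join "`n"
    if ($LASTEXITCODE -ne 0) { throw "reagentc /info failed with exit code $LASTEXITCODE" }
    if ($text -notmatch 'Windows RE status:\s+Enabled') { return $null }
    if (-not ($text -match 'harddisk(\d+)\\partition(\d+)')) {
        throw "Could not parse the Windows RE location from reagentc output:`n$text"
    }
    [pscustomobject]@{ Disk = [int]$Matches[1]; Partition = [int]$Matches[2] }
}

$loc = Get-WinReLocation
if (-not $loc) {
    Write-Output 'WinRE is disabled; run reagentc /enable and check again.'
    exit 2
}

# The Recovery volume has no drive letter, so resolve it via Get-Partition | Get-Volume
# rather than Get-Volume -DriveLetter.
$part = Get-Partition -DiskNumber $loc.Disk -PartitionNumber $loc.Partition
$vol  = $part | Get-Volume
$result = [pscustomobject]@{
    Disk          = $loc.Disk
    Partition     = $loc.Partition
    PartitionType = if ($part.GptType) { $part.GptType } else { '0x{0:X2}' -f $part.MbrType }
    SizeMB        = [math]::Round($part.Size / 1MB)
    FreeMB        = [math]::Round($vol.SizeRemaining / 1MB)
    NeedsResize   = $vol.SizeRemaining -lt ($MinFreeMB * 1MB)
}
$result | Format-List

# A non-zero exit code lets an RMM job flag the device for the resize script.
exit ([int]$result.NeedsResize)
```

Deployed as a read-only RMM script, the exit code (0 = fine, 1 = too small, 2 = WinRE disabled) gives you the list of machines that actually need the repartition before anything destructive runs.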
SCRIPT
powershell.exe -noninteractive -command "reagentc /disable; echo 'sel volume c' 'shrink minimum=250' 'sel part 4' 'delete partition override' 'create partition primary' 'format quick fs=ntfs label=Recovery' 'set id=de94bba4-06d1-4d40-a16a-bfd50179d6ac' 'gpt attributes=0x8000000000000001' | diskpart.exe"; reagentc /enable
The script above starts with reagentc /disable, which moves the winre.wim image out of the protected Recovery partition to C:\Windows\System32\Recovery\Winre.wim, a hidden and protected operating system file. Run it from an elevated prompt; both reagentc and diskpart require administrator rights.
It then pipes a series of commands to diskpart.exe: shrink the Windows volume (C:) by at least 250 MB, delete the old Recovery partition (partition 4), create a new primary partition in the freed space, format it NTFS, and mark it as a Windows RE partition with the Recovery partition type ID and the required GPT attribute. The space freed from C: and the space of the deleted partition form one contiguous region only when the Recovery partition sits directly after C:, which is the normal layout; that is what lets the new partition come out 250 MB larger. Because it uses set id with a GUID and a gpt attributes line, the script assumes a GPT (UEFI) disk; on an MBR disk the equivalent is set id=27 with no gpt attributes line. Finally, reagentc /enable moves C:\Windows\System32\Recovery\Winre.wim onto the new, larger Recovery partition so the update can apply.
I have tested this on my own and it works. I did this because I know there will be many computers out in the wild with the same issue, and now I can deploy a fix through ConnectWise Automate or another RMM solution so I don't have to do this manually. A future improvement would be logic that targets the Recovery partition by type or label rather than looking up the partition number beforehand.
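Here is that improvement written out as an added PowerShell example (my code, not the author's one-liner): the Recovery partition is located by its partition type instead of a hard-coded number, the disk's partition style selects the GPT or MBR diskpart commands, and the script refuses to run unless that partition sits directly after C: so the freed space is contiguous. Assumptions not taken from the original: Windows is on C:, WinRE is currently enabled, the 250 MB shrink amount, the "Windows RE tools" label and the -DryRun switch are my choices.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Rebuilds the Recovery partition with
# $ExtraMB more space, selecting it by partition type rather than by number.
# Assumes Windows is on C: and the Recovery partition follows C: on the same disk.
param([int]$ExtraMB = 250, [switch]$DryRun)
$ErrorActionPreference = 'Stop'

$RecoveryGptType = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'   # GPT "Windows RE" partition type
$RecoveryMbrType = 0x27                                        # MBR recovery partition type

$os   = Get-Partition -DriveLetter C
$disk = Get-Disk -Number $os.DiskNumber

# The partition right after C: by disk offset. Only then are the space freed by
# shrinking C: and the space of the deleted Recovery partition one contiguous region.
$next = Get-Partition -DiskNumber $disk.Number |
        Where-Object { $_.Offset -gt $os.Offset } |
        Sort-Object Offset | Select-Object -First 1
if (-not $next) { throw 'No partition after C:; nothing to rebuild.' }

$isRecovery = if ($disk.PartitionStyle -eq 'GPT') { $next.GptType -eq $RecoveryGptType } else { $next.MbrType -eq $RecoveryMbrType }
if (-not $isRecovery) {
    throw "Partition $($next.PartitionNumber) after C: is not a Recovery partition; refusing to delete it."
}

# diskpart script built from what was discovered instead of hard-coded numbers.
$lines = @(
    "select disk $($disk.Number)"
    "select partition $($os.PartitionNumber)"
    "shrink desired=$ExtraMB minimum=$ExtraMB"
    "select partition $($next.PartitionNumber)"
    'delete partition override'
    'create partition primary'
    'format quick fs=ntfs label="Windows RE tools"'
)
if ($disk.PartitionStyle -eq 'GPT') {
    $lines += 'set id=de94bba4-06d1-4d40-a16a-bfd50179d6ac'
    $lines += 'gpt attributes=0x8000000000000001'
} else {
    $lines += 'set id=27'
}

if ($DryRun) {
    "Would run against disk $($disk.Number) ($($disk.PartitionStyle)):"
    $lines
    return
}

reagentc /disable            # moves winre.wim to C:\Windows\System32\Recovery
if ($LASTEXITCODE -ne 0) { throw "reagentc /disable failed ($LASTEXITCODE)" }

$scriptPath = Join-Path $env:TEMP 'winre-resize.txt'
Set-Content -Path $scriptPath -Value $lines -Encoding Ascii
diskpart /s $scriptPath
if ($LASTEXITCODE -ne 0) {
    throw "diskpart failed ($LASTEXITCODE); WinRE is still disabled, inspect the disk and run reagentc /enable by hand"
}

reagentc /enable             # copies winre.wim onto the new, larger partition
if ($LASTEXITCODE -ne 0) { throw "reagentc /enable failed ($LASTEXITCODE)" }

# Confirm the partition after C: actually grew before declaring success.
$new = Get-Partition -DiskNumber $disk.Number |
       Where-Object { $_.Offset -gt $os.Offset } |
       Sort-Object Offset | Select-Object -First 1
"Recovery partition: $([math]::Round($next.Size / 1MB)) MB -> $([math]::Round($new.Size / 1MB)) MB"
reagentc /info
```

Run it once with -DryRun on a representative machine to see the exact diskpart script it would feed in; the type check means a machine whose Recovery partition is not where it is expected fails closed instead of losing a data partition.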
CONCLUSION
That's a fix! Run Windows Update and watch KB5034441 go away. I had fun doing this and learned something new, which I will need to implement in my GitHub repositories for my AutoUnattend.xml files for Windows 10.

My name is Dex Sandel, author at WinReflection.
I am a Christian, conservative, and truth seeker that is not afraid to be vocal on important or controversial issues. Unfortunately, when a person has that kind of courage, the enemy tries to send haters and wolves in sheep’s clothing their way to damage their life in various ways. There are many rewards earned in Heaven for those that refuse to give up and fight the good fight. There’s more to life than the worldly status quo, and that’s why many are sad and depressed today, they’re suffocating. Truth and purpose can bring fresh air into one’s life and that’s my mission.
The best is yet to come, and nothing can stop what’s coming!
John 3:16: For God so loved the world that he gave his one and only Son, that whoever believes in him shall not perish but have eternal life.