If you are “lucky” like me, you have recently seen update failures on Windows 10 systems , showing the error 0x80070643 .
The underlying reason in my case (and probably for you as well) is a security issue with BitLocker and Microsoft has been working on a fix for a while. In some cases the chosen approach seems to conflict with the size of partition of the Windows Recovery Environment. Microsoft has now finally surrendered (Windows release health notes entry), in that you will need to adjust the partition size by yourself. At least they provide a PowerShell script, which you can find here.
This page will not be kept up-to-date, so please verify with Microsoft that this still applies. The steps below have worked on multiple machines as of May 3, 2024.
The following steps are a log of what I have done on several notebooks here. While everything has worked well for me, these actions can potentially destroy your Windows 10 installation. If this is not your personal machine, you should absolutely check with your administrator/helpdesk.
If you follow the instructions, you do this at your own risk !
Here is what I have done
- Reboot machine to ensure that no update activites are still open
- Create directory to store the script and a sub-directory for the backup of Windows RE:
md c:\temp\winre_part\backup
- Open your editor of choice and safe the PowerShell script (link here) into
c:\temp\winre_part\enlarge.ps1
- Open PowerShell as Administrator and change into
c:\temp\winre_part
- Check whether you are allowed to run the PowerShell script by running this command. Remember the response (you will likely get
Restricted
):Get-ExecutionPolicy
- Allow execution of script by typing:
Set-ExecutionPolicy bypass
- Run the script by typing
enlarge.ps1
and specifyc:\temp\winre_part\backup
as backup directory - Change execution policy back to its original setting:
- Reboot your machine
- Check for updates and install fixes
Update: You may have to re-enbale WinRE
On one machine (the only one with a German localization) the script failed to re-enable the Windows Recovery Environment (WinRE). In consequence the security update also failed. This was solved by manually re-enabling WinRE.
I used the Administrator-level PowerShell that was still open and ran “reagentc /enable
“. After that the update was successful.