Thursday, March 12, 2015

Update KB3033929 fails with error code 80004005

KB3033929, Microsoft security advisory: Availability of SHA-2 code signing support for Windows 7 and Windows Server 2008 R2: March 10, 2015

The process is the same every time:
- downloads and installs the update
- requests a restart
- before shutting down and restarting, it 'Configures Windows' for a while
- after restart, it is 'Preparing to configure Windows', gets to about 72%, reports 'Failure configuring Windows update. Reverting changes'
- restarts automatically
- 'prepares to configure Windows' once again, shows the 'Failure configuring Windows update. Reverting changes' once again
- shows the login screen

While I'm thankful for those that patch immediately on Patch Tuesday as they sound the alarm for the rest of us, it's insane for anyone who is responsible for business computers to do so. I've been in IT for going on 10 years next month, and I've never had a single issue with Microsoft updates because I don't even begin to test them until a few days after release, with the exception of exceptionally critical security updates. That gives Microsoft enough time to pull any updates that cause issues before my systems get them.

Edit: I've seen some reports of dual booting Windows/Linux systems having an issue with this update, and either unplugging the Linux drive or changing your system to only boot to Windows may fix it. I've seen reports of others that do not dual boot having a problem with this patch as well.

Rvnlord suggests the following to fix the issue on computers without a dual boot (grub):

1. Open directory where is the file mentioned in the error, in my case: "C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646\winresume.exe"
2. Right Click on the file > Properties > Security > Advanced > Owner > (Set it to your Account) > OK
3. In previous Window: Edit > Add
4. You need to add two accounts
- "NT SERVICE\TrustedInstaller"
5. Give them both Read, Write, Execute permissions. > OK
6. Now KB3033929 which is one big nightmare should install without any problems and ask you to restart your computer afterwards.

For computers dual booting Windows and Linux using Grub, boot into Linux and turn the Linux active flag on the partition off. When you reboot you should go directly into Windows and the update should install successfully. You will have to use a Linux boot CD to turn the active flag on for the Linux partition to restore access.