• Installing or re-installing Win7? Make sure you get the BitLocker patch

    Home » Forums » Newsletter and Homepage topics » Installing or re-installing Win7? Make sure you get the BitLocker patch

    Author
    Topic
    #1911985

    No, I don’t make this stuff up. On Friday Microsoft added three little gotchas to the bottom of its SHA-2 patching advisory for Win7. Long story short
    [See the full post at: Installing or re-installing Win7? Make sure you get the BitLocker patch]

    6 users thanked author for this post.
    Viewing 19 reply threads
    Author
    Replies
    • #1912067

      Did you HIDE KB3133977 at some point?
      If it’s not already installed on your computer you may have the same problem.

      1 user thanked author for this post.
      • #1912172

        Another issue is that KB3133977 will not install on Windows 7 versions which do not support Bitlocker, and it was reported that KB3133977 could brick some Asus computers. I recall that only Win7 Enterprise supports Bitlocker.

        From your AskWoody article:

        “Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.”

        I had that problem when I installed an unsigned driver. UEFI refused to allow my Windows 7 computer to boot. Fortunately, I was able to use Macrium Reflect to repair the EFI partition to allow Windows to boot again.

        Yet the issue remains that KB3133977 simply will not install on my Win7 Pro computers since Pro doesn’t support bitlocker.

        • #1912245

          Have you checked the Services available on your W7 version?

          Blackviper’s take supports what I see on W7 Pro. and Home Premium.

          • #1912448

            I think you are on to something. On my Win7 Pro computers, Bitlocker is set to manual instead of automatic startup. You reckon this might be why I couldn’t get the update to install?

            • #1912486

              Manual is the default and it’s fine for the Bitlocker Service.

              No idea why the KB failed, you’ve not detailed the error(s) yet. We need hard data to work with, as much as you can get.

              1 user thanked author for this post.
        • #1912251

          Yet the issue remains that KB3133977 simply will not install on my Win7 Pro computers since Pro doesn’t support bitlocker.

          Hmmmm…  Interesting.
          Because I find it installed on every Win7 of mine that I have checked: Win7 Pro 32-bit, Win7 Pro 64-bit, Win7 Ultimate 64-bit.

          Edit: Hmmmm… It gets even more interesting. I find it installed on my 2006 vintage Dell Inspiron 9400 laptop, Win7 Home Premium,  32-bit, centrino duo, max 2GB RAM, up to date as of July 2019 patching.

          • This reply was modified 5 years, 7 months ago by PKCano.
          2 users thanked author for this post.
          • #1912452

            I am about to try installing KB3133977 again via Windows Update. I will let you all know what happens. Right now, I have left bitlocker set to manual startup under services.

            • #1912565

              KB3133977 was successfully installed today on my primary Windows 7 Pro desktop and laptop computers. While the update file itself is fairly small, it does take some time after reboot to get past the three flashing dots. Just be patient. Eventually you will see a message that the update progress has reached 32%, and then things further proceed fairly rapidly.

              Now I have to manually download KB3133977 from the windows update catalog so that I can put this update into my folder of required updates which need to be installed when building a new Win7 OS installation. The other two updates and one file which must be in the same folder are:

              KB4490628 (WU servicing stack update)
              KB4474419-v2-x64 (SHA-2 code signing v2)
              pciclearstalecache.exe

              Am I missing anything which I need to perform a fresh install of Win7?

               

              1 user thanked author for this post.
      • #1912264

        I remember this article on betanews gonetoplaid,
        https://betanews.com/2016/05/05/asus-secure-boot-windows-7-update/
        and the fix within link from Asus
        https://www.asus.com/support/FAQ/1016356/
        Could not help but laugh at the Microsoft solution in that betanews article:

        Microsoft also has a solution:
        The Secure Boot feature is supported in Windows 10. To learn more about the security advantages of this feature and about the upgrade path from Windows 7 to Windows 10, go to the following Windows website:

        I have Windows 7 32bit on MBR, no bitlocker activated and up to date as of July 2019 without KB3133977 installed and everything works for my needs. All imaged should anything go pong!

        ‘Extended support’ makes me wonder what will be dished out beyond Windows 7 EOL for enterprises, should they wish to continue using the OS. The current state of ‘extended support’ is bearly palatable.

        Should I need to reinstall Windows 7, Linux IS my port of call on this device.

        illegitimi Non Carborundum
    • #1912071

      Lol whut? Is this for real? Even if you don’t use bitlocker and have never had it on your system you still need this patch?

      shakes head in disbelief

      You couldn’t make this stuff up.

      1 user thanked author for this post.
      • #1912107

        Not only that, but the warning is buried in pull-down line-items in a FAQ at the bottom of the old SHA-2 announcement.

        I don’t know how @abbodi86 finds this stuff, but maaaaaaannnnnn…..

        1 user thanked author for this post.
        T
        • #1912259

          It’s Kafkaesque madness which seems par for the course with microsoft these days. I’m glad for people like abbodi86 though who keep track of this stuff and tell us.

          I’m curious now if anyone has run into this issue without the required patch because i see it on my hidden list and i’m loathe to install anything optional that i don’t specifically need but then my HDD might go belly up tomorrow. Also, does this affect the ability to create a system image through backup and restore in the first place?

    • #1912246

      I successfully installed kb3133977 in May 2016. Do I have to run bcdboot.exe, which I have in two locations, system32 and winsx64\amd64, on my hard drive and do I have to run it in both locations?  Thanks.

      1 user thanked author for this post.
    • #1912247

      I think it is actually worth backing up the BCD anyways. Use EasyBCD 2.3 on W7, as it is just a matter of clicking on ‘backup’ for it to make a copy. If you need the BCD at a later date, just open the GUI again and select ‘restore’.

      It is freeware. I got it from NeoSmart Technologies (neosmart.net/easybcd)

      2 users thanked author for this post.
      • #1913210

        I just installed EasyBCD 2.4 and used it to make a backup of my EFI boot loader. That was easy! It looks like Neosmart also has a USB version which can be used to fix computers which BSOD on bootup.

    • #1912277

      Long story short, if you’re trying to install Win7 (either on bare metal, or a VM) and you:

      • Are using setup to install a customized image (e.g., created by DISM)
      • Are burning an image directly to the new machine, or
      • Installing an image with SHA-2 support, but it won’t start with error 0xc0000428

      My gobbledygook is rusty.  I have Win7 Home Premium, with updates frozen as of Dec 2017.  The last time I used a system image after a preventive hard drive replacement (4-5 yrs ago) it was successful, no hiccups or glitches.

      If I understand what is being said in this article, because I have a “closed system”, and my system image backups are created by and within that closed system, I conclude this hullabaloo does not affect me.

      Please advise if I am mistaken.  Thank you.

      • #1912345

        If you are not doing a clean install of Windows you do not have to worry about it.
        If you have not updated since Dec 2017, and you are not currently updating Windows, then current Windows updates do not concern you. The conflict is caused by the installation of a current August 2019 Windows patch.

        6 users thanked author for this post.
      • #1912692

        My gobbledygook is rusty. […] If I understand what is being said in this article, because I have a “closed system”, and my system image backups are created by and within that closed system, I conclude this hullabaloo does not affect me.

        I also had a hard time parsing the risk scenarios in the article. I wonder if it would be fair to read the conditions as:

        Long story short, if you’re trying to install Win7 (either on bare metal, or a VM) and you want to install post-July updates and you:

        • Are using setup to install a customized image (e.g., created by DISM)
        • Are burning an image directly to the new machine, or
        • Installing an image with SHA-2 support, but it won’t start with error 0xc0000428

        I think that’s what PKCano’s reply is implying — that the issue doesn’t affect you if you’re not interested in post-July updates. If I’m misreading between the lines, I hope PKCano will correct me.

    • #1912364

      I had two different systems, one server and one laptop, fail to boot yesterday after installing this month’s cumulative update.  I traced the issue directly to not having KB3133977 installed before installing the August update.  Both systems were x64 UEFI.  The installs were several years old, not fresh installs or reinstalls.

      The server… I restored to before the update.  The laptop took installing KB3133977 using the recovery console and DISM, rebooting back to the recovery console and running BCDBoot.exe.  Laptop came right back up after that.

      3 users thanked author for this post.
      • #1913212

        A question. Were you actually using Bitlocker on these two computers? I ask since I am not using Bitlocker on my Win7 computers, and I had no issues after installing the August SO without KB3133977 being installed on any of my Win7 computers.

    • #1912725

      This patch must also be installed on machines that boot from UEFI instead of BIOS and run Windows 7 64 bit (x64 and IA64) in order to successfully install this month’s security only patch (KB4512486) as well as this month’s rollup patch (KB4512506). See the entire thread “Caution: Windows 7 August Monthly Patch might cause BSOD” here on AskWoody, and my post at the end, post number 1911473 posted right here: https://www.askwoody.com/forums/topic/caution-windows-7-august-monthly-patch-might-cause-bsod/#post-1911473

      This is a known issue that appears in the KB articles for BOTH of this month’s Win7 security parches, about machines not rebooting after installing the patch and giving a black screen of death.
      Here’s a direct quote from KB4512506:

      IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:

      “File: \Windows\system32\winload.efi

      Status: 0xc0000428
      Info: Windows cannot verify the digital signature for this file.”

      I added the bolding in the quote above.

      So, even for folks who haven’t installed from scratch in the last 30 days or so, the bit locker patch still plays a role in the successful installation of the two Windows 7 patches this month for some folks! Basically, if your computer boots from UEFI, you’d better get the bit locker patch (KB3133977) installed BEFORE installing any security patches for August, as illustrated by Anonymous just above this post, number 1912364.

      My thanks to @abbodi86 for clarifying if I should install this patch even though I hid it on one of my machines.

      • This reply was modified 5 years, 7 months ago by Bob99. Reason: Added direct quote
      3 users thanked author for this post.
      • #1912759

        “Basically, if your computer boots from UEFI, you’d better get the bit locker patch (KB3133977) installed”.
        How do we find out if our computers boot from UEFI or not ?

        Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

      • #1912760

        Hi Bob99,

        Thanks for the strong alert. Yet the requirement to install KB3133977 before installing the August updates might not be entirely true. Let me explain. I do not use Bitlocker on my Win7 Pro computers. I had no issues in installing the July and August Security Only updates. Perhaps since I so not use Bitlocker?

        Anyway, I subsequently have now installed KB3133977 on my Win7 Pro computers (which do not use Bitlocker) without any issues.

        Hopefully we all will be able to figure out the latest August round of Microsoft updates. August really does seem to be a really bad month for Microsoft, not that any other month is an order of magnitude better, since there almost always is usually something which Microsoft promises to fix in future updates.

        Best regards,

        –GTP

         

    • #1912742

      Even though the motherboards in my systems are all UEFI, I still boot Windows 7 using BIOS (my boot SSDs are formatted using MBR instead of GPT).

      So should I not be affected by this potential issue? I would think so, but I welcome confirmation.

      Hope for the best. Prepare for the worst.

      1 user thanked author for this post.
    • #1912840

      To clarify for the beginners:

      EFI boot means the BIOS searches the hidden EFI FAT partition to run the file “bootmgr*.efi” instead of running the code in the boot sector of the Windows partition (which in turn loads a boot loader from the disk containing that boot sector). This may or may not be unrelated to the use of MBR-style partition tables.

      “Image” refers to a file tree inside a Microsoft .wim file (which may contain more than one “image”), as used almost exclusively by the Windows 6/7/8/8.1/10 installer (including what counts as “Windows PE” these days). This has very little to do with an actual disk image except in the naming of related commands.

      Historically, there were all sorts of fatal bugs in the patches that upgraded Windows 6/7 Kernel Mode File signature checking from SHA-1 to SHA-2, so much that this was often a skipped update, abandoned by both Microsoft and users way back when Windows 7 was in mainstream support. Now, a few months before end of extended support, they push out a new version of these patches, and it crashes again.

      Therefore, most production Windows 7 drivers (.SYS files etc.) from vendors are signed with SHA-1 signatures chaining via old commercial CA roots to ancient Microsoft cross-certificates. So it is unclear if this brings in the lock-down to require drivers to be submitted to Microsoft Windows 10 signing services (that have stopped or will soon stop accepting Windows 7 drivers) in order to load those drivers on Windows 7, thus effectively stopping hardware vendors from updating, bug-fixing or adding Windows 7 drivers. Official Microsoft rules on this were also a muddled mess.

      1 user thanked author for this post.
      Pim
    • #1913053

      I am getting confused. KB3133977 is not installed on most (at least 3) of my Windows 7 machines, nor have I hidden it or is it offered through Windows Update (not even as an optional update). I have 1 machine on which it is installed, apparently via Windows Update, because that is the way I update my machines. If this update is so important, how come I do not see and have never seen it? Does it mean I have to manually download it from the catalogue and install it? One of the machines on which I do not have any trace of KB3133977 is an Windows 7 x64 UEFI machine. The others all boot from MBR.

      • #1913214

        Maybe check your Windows Update settings to make sure that WU checks for optional updates?

        • #1913219

          Maybe check your Windows Update settings to make sure that WU checks for optional updates?

          Thanks for your suggestion. However Windows Update always checks for optional updates, it is not a setting than can be changed.

    • #1913215

      A question for the experts. Now that I have KB3133977 installed on my Win7 computers, do I simply run bcdboot.exe with no parameters from an elevated command prompt?

      • #1913220

        I thought you only needed to do that if you reinstall windows from a backup and it throws up an error message but you now have the required patch installed so i assumed that wouldn’t be necessary. This whole mess is so confusing though so it’s likely i’ve got it wrong.

      • #1913229

        Yes, without parameters bcdboot update/create boot files for current system

        but i think it’s not needed, installing KB3133977 should have handle that

        2 users thanked author for this post.
    • #1913257

      A question. Were you actually using Bitlocker on these two computers? I ask since I am not using Bitlocker on my Win7 computers, and I had no issues after installing the August SO without KB3133977 being installed on any of my Win7 computers.

      Hi,

      Newly registered, I’m the anonymous poster above (and in the Win7 patch August BSOD thread).

      No bitlocker installed.  The two affected systems were Server 2008 R2 (x64/UEFI) and Windows 7 (x64/UEFI).  Both did not have KB3133977 installed and both failed to boot after installing the August cumulative update.  The server showed the same error as the laptop.  As I said, it was faster to just restore the server with the backup from 8 hours prior.  I installed KB3133977 after it restored but have not tried to put the August update in as of yet.

      Once I started working on the laptop, I found the x64/UEFI warning at the bottom of the KB4512506 page.  I was having difficulty getting KB3133977 to the laptop to use with DISM so I tried running bcdboot.exe without installing KB3133977.  On the reboot it gave me the 0xc0000428 error.  I ended up pulling the laptop drive, putting it in dock on a working system, copied KB3133977 to the drive and then followed the directions using DISM and bcdboot.exe.  The laptop came right back up after that.

      Systems that were not UEFI and did not have KB3133977 installed had no trouble with the August update.

      3 users thanked author for this post.
      • #1913885

        I have been thinking about why I didn’t have any trouble installing the August SO on my three primary Win7 computers. The laptop doesn’t support UEFI, so that explains why it didn’t have any issues. My two primary desktops (virtually identical computers) have their BIOS configured to use a hybrid UEFI/legacy mode in which non-EFI partitions can also boot. I suppose that this is why I had no issues after installing the August SO even though I didn’t have KB3133977 installed? Also, I never installed the convenience rollup since it contains telemetry.

    • #1913266

      Reading everything here, just consider how much time and effort is wasted sorting out this issue with KB3133977. Also the time and effort those of those that ran into the issues because they had not installed KB3133977, including the people that do not visit AskWoody. And all of that just because MS in all of its wisdom changes to SHA2 only signing for Windows 7, just 5, I repeat: just 5 months before Windows 7 is EOL. Sigh…. Any wise (wo)man would not have bothered and thought that it just is not worthwhile for just 5 months.

      I am really grateful for all of you that participate, share and respond. But would you rather not have spent that time on something more constructive? I know I would (having lost too much time this morning just trying to figure out what was going on…).

      • #1913269

        Any wise (wo)man would not have bothered and thought that it just is not worthwhile for just 5 months.

        What 5 months ? 3 years.

        • #1913284

          What 5 months ? 3 years.

          Win7 EOL is January 2020. That is 5 months from now, not 3 years.

          Edit: this was meant as a reply to the above post by Alex5723. I do not know what I did wrong, but it apparently was not posted as a reply.

          • This reply was modified 5 years, 7 months ago by Pim.
          • #1913290

            What 5 months ? 3 years.

            Win7 EOL is January 2020. That is 5 months from now, not 3 years.

            Edit: this was meant as a reply to the above post by Alex5723. I do not know what I did wrong, but it apparently was not posted as a reply.

            • This reply was modified 5 years, 7 months ago by Pim.

            Microsoft will extend support for 3 years.

            • #1913302

              But only if you are an enterprise and pay. This will be a relatively (very?) small portion of all current Windows 7 users. Now THAT would have been a much better point in time to change to SHA2 only.

              1 user thanked author for this post.
    • #1913346

      Systems that were not UEFI and did not have KB3133977 installed had no trouble with the August update.

      So confused. like others here I have multiple Windows 7 Home Premium SP1 PCs that DO NOT have KB3133977 installed NOR hidden and all three are legacy BIOS not UEFI.

      Zathras’s experience quoted above leads me to think those of us in my situation should be able to install the August update(s) without problems.

      Can anyone else confirm?

      Can we ignore KB3133977?

      Thanks!

      • #1913405

        That is my understanding as well, those who still use BIOS should be fine but what really grinds my gears about this utter mess is what happens when you need to reinstall windows? Say an image restore to a new HDD? Will that work or will those who use BIOS still run into this issue as the support article suggests? In that case, you have to take the risk of installing the bitlocker patch and the SHA-2 v.2 patch and hope it doesn’t break anything else and when the inevitable time comes to restore you’re plain sailing. I would love to see some test cases here because i certainly ain’t trying it.

    • #1913356

      –> Never mind. I think PKCano’s post #1912345  answers my question. <–

      Another thing –

      Maybe a silly question, but does this (from Woody’s Computer World article where he lays out three situation where this KB3133977 update comes into play):

      • “You’re burning an image of Win7 directly to disk without running setup.”

      include restoring a Windows image backup over an existing Windows installation?

      Thanks!

      • This reply was modified 5 years, 7 months ago by opti1.
    • #1913357

      What a mess, Win7 Pro here and i have not installed KB3133977, nor is it hidden.
      According to multiple sources KB3133977 is included in KB3125574 ‘Convenience rollup update’.

      Can anyone confirm for sure that you do not need to install KB3133977 if KB3125574 is installed ?

      • #1913441

        If you have installed KB3125574, I would go take a look at the file list of KB3133977 for your bittedness (x64 or x86, 64 bit or 32 bit) and see if the file versions on your machine meet or exceed the version numbers quoted in the list in the article for KB3133977. If they meet or exceed those version numbers, then you’re probably all set, and don’t need to install KB3133977 prior to any of the August patches.

        Most all of the individual files (the .dll, .efi, .mof and .sys files) mentioned in the bulletin should be found in the \Windows\system32 folder right after the long list of subfolders within the system32 folder. All of the individual .dll, .efi, .mof and .sys files should be there. The file “Tpm.sys” might be found in the drivers subfolder of the system32 folder if it isn’t listed with the other files in the system32 folder.

        I wouldn’t worry about the files on the list labeled “Tpm.inf_loc”, as those are for specific locales that MS doesn’t specify in the bulletin for some reason. If this is wrong, MVP’s/”DaBoss”es please feel free to correct this statement.

      • #1913489

        Yes, CR KB3125574 include (supersede) KB3133977
        you don’t need it


        @Bob99

        the updated boot files are in C:\Windows\Boot\EFI

        • #1913495

          Phew that’s a relief here got 2 Machine specific SYSPREPed Win 7 x64 Images here and for added enjoyment the .WIM’s are actually .SWM’s (Split WIM’s) and were compiled using the KB3125574 aka unofficial SP2 roll up.
          So recombining the .WIM and updating them, Mount, unmount and commit, creating a fresh .ISO, and at 3 indices per Image would be time consuming to say the least.
          Thanks for that snippet 🙂

    • #1927749

      My system’s patches are up to date.  If I create an image of my Win7 computer today, and “restore” it to a brand-new hard drive tomorrow, do I need the bitlocker patch?  It’s hard to see why I would, but I’d like to have this clarified.  Thanks.

      • #1927778

        If the Bitlocker patch is installed in the image you restore from, you do not need to install it again.
        If you are installing from an image created before 5/3/2016 (when the Bitlocker patch was issued), you will need to install KB3133977 along with the latest Servicing Stack and the SHA-2 coding update prior to using Windows Update..

        1 user thanked author for this post.
    • #1934666

      I have a few Win 7 systems, some X64 Ultimate and one x64 Home Premium.

      All of them already have KB4490628 (Servicing Stack update) and KB3125574 (a roll-up that includes KB3133977).

      I downloaded the latest standalone KB4474419 (SHA2 v2) update from the MS update catalog.

      The 1st system to be updated is the Home Premium system.

      Launched the update & it seemed to install OK initially.  But after I clicked on the post-install restart it has been stuck on the “Preparing to configure Windows” screen for almost an hour so far.  The system is a laptop with a modest CPU but fast SSD.  There’s consistent modest disk activity… but it’s taking forever.  The last time I experienced this was with the last servicing stack update.  I have my fingers crossed the update will complete…

      • #1934688

        I have a few Win 7 systems, some X64 Ultimate and one x64 Home Premium.

        All of them already have KB4490628 (Servicing Stack update) and KB3125574 (a roll-up that includes KB3133977).

        I downloaded the latest standalone KB4474419 (SHA2 v2) update from the MS update catalog.

        The 1st system to be updated is the Home Premium system.

        Launched the update & it seemed to install OK initially.  But after I clicked on the post-install restart it has been stuck on the “Preparing to configure Windows” screen for almost an hour so far.  The system is a laptop with a modest CPU but fast SSD.  There’s consistent modest disk activity… but it’s taking forever.  The last time I experienced this was with the last servicing stack update.  I have my fingers crossed the update will complete…

        So this was posted by me (ek).  I had to post as anonymous because I was not on one of the home systems at the time.

        Anyway…

        I gave up trying to install KB4474419 on the Win 7 Home Premium laptop.  The update just wouldn’t complete.  The laptop is an old Acer AMD A6 system and has a weird hybrid UEFI/BIOS boot that cannot be configured at all in BIOS.  It has always made setting up dual boot Win/Linux a pain and I suspect the quirk got in the way of the update.

        In fact, all of my other Win 7 systems are BIOS MBR boot and do not have bitlocker installed.  So, no real need for me to do the updates.

        Back in July I decided to no longer do any updates to Win 7.  But I got the recent impression I needed to re-update bitlocker/SHA2 updates with the latest versions to assure I could restore a Win 7 disk image backup.  Appears not to be the case for me.  So, hopefully, I’ll return to ignoring Win 7 updates.

        • This reply was modified 5 years, 6 months ago by ek.
        • #1934698

          ? says:

          hi ek,

          did you get any error codes? or did it get stuck before generating any? is it the march version or did you get that one to install and now you’re sticking on the august v2 version? or in my case too much more brain damage

    • #1934705

      ? says:

      hi ek,

      did you get any error codes? or did it get stuck before generating any? is it the march version or did you get that one to install and now you’re sticking on the august v2 version? or in my case too much more brain damage

      No error codes.  Just the “Preparing to configure Windows” screen and some meager repetitive disk activity.  I gave it 2 hours and no change.  So I did a hard powerdown & then booted into safe mode, which announced the update failed and recovered to the previous state/version.

      That was with 8/12/2019 version of KB4474419.

      The update failed on my old Acer X64 Win 7 Home Premium laptop, which has the weird non-configurable UEFI/BIOS boot mode.  That is, it will boot UEFI if – when during OS install – I choose UEFI.  If I config a disk for good ‘ol BIOS MBR boot, the BIOS will boot that too.  And the BIOS will allow boot into UEFI mediated recovery.  But the BIOS itself has no options to control this.

      My other Win 7 systems are plain ‘ol BIOS MBR boot.  No UEFI in the BIOS at all (AMD 970 boards).  I think it’s likely KB4474419 will install OK on these systems… but I’m not going to bother finding out.

      On all my systems, I run Linux 99% of the time (some 100% now).  That’s been my practice for years now.  At this point I’d lose very little if I went full 100% Linux.  Man, MS missed the boat with me.

    • #1934717

      ? says:

      i looked around a bit and found this one;

      https://www.sevenforums.com/windows-updates-activation/418834-unable-install-kb4474419-win7-x64-ultimate.html

      and:

      https://www.bleepingcomputer.com/forums/t/696802/cant-install-kb4474419-it-fails-and-reverts/

      don’t know if they would help? so did the March version install w\o trouble? anyway i hope you get past this glitch and then on to whatever else they throw our way…

      Aha!  Thanks for the pointers.

      First, I did review the update log and saw error #80070643 for my earlier attempts to install KB4474419.  I researched this and found no consistent answer on that code.  But it did seem sometimes to correlate to file permissions issues.

      And, yes, the earlier March version of KB4474419 installed fine, per review of my update history.

      Anyway… fix discovered:

      Well, per one of the links you provided, the “fix” was to login to the Administrator account and install the standalone 8/12/2019 version of KB4474419.  Perhaps I could have just done a right-click “run as Adminstrator” on the standalone update via my normal account (which has admin privs), but I chose to just login as Administrator as others had done to get the update to install clean.

      The bottom line: KB4474419 installed successfully (and relatively quickly) when running the standalone update when logged in as the Administrator user.

      I did the same thing on my other Win 7 systems. No issues.  I suspect I could have done a normal install of the update on those systems as they are Win 7 Ultimate.

      I have to say: it’s been a loooong time since I had to resort to installing an update this way.  I’m kicking myself for not remembering & giving it a shot initially.

      Note:
      On one system I had to actually make the Administrator user visible in the login screen.  To do that, I right-click selected “Run as Administrator” for CMD.EXE.  Then in the resulting CMD window, I entered:

      net user administrator /active:yes

      Then I logged out from my account & immediately logged in as the Administrator user.  Note that no password was set for the Administrator user yet, so I could initially login as Administrator without a password (!!!!).  Thus, immediately after login I set a password for the Administrator user. 

      So if you choose to make Administrator visible on the login screen:  PLEASE make sure the Administrator user has a reasonably secure password set.

      • This reply was modified 5 years, 6 months ago by ek.
    Viewing 19 reply threads
    Reply To: Installing or re-installing Win7? Make sure you get the BitLocker patch

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: