KB5034441 Won’t Install? Here’s the Fix for Recovery Partition Size Issues



🛠️ Fixing KB5034441 Update Errors on Windows Server 2022

While setting up a Windows Server 2022 build for a client, I encountered persistent Windows Update errors. After some digging, I discovered the issue was related to a known security vulnerability that allows attackers to bypass BitLocker encryption via Windows Recovery Environment (WinRE). Microsoft addresses this vulnerability with KB5034441, which affects Windows Server 2022 (built on the Windows 10 21H2 core), as well as Windows 10 versions 21H2 and 22H2.

However, the update often fails to install if the winre.wim image can’t be expanded—commonly due to insufficient space in the Recovery partition. By default, especially when using MDT (Microsoft Deployment Toolkit), Windows allocates only the last 1% of the disk for the Recovery partition after setting up the System and Windows partitions. On smaller drives, this space constraint is likely to block the installation of KB5034441.

Let’s walk through how to resolve that.

🔍 Locating the WinRE.wim File

To identify the location of your Windows Recovery Environment (WinRE) image, run the following command in an elevated Command Prompt:

BAT (Batchfile)
C:\Windows\system32>reagentc /info
Windows Recovery Environment (Windows RE) and system reset configuration
Information:

    Windows RE status:         Enabled
    Windows RE location:       \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
    Boot Configuration Data (BCD) identifier: fb41ccc1-d451-11ee-91bf-c792959b2d94
    Recovery image location:
    Recovery image index:      0
    Custom image location:
    Custom image index:        0

REAGENTC.EXE: Operation Successful.

This displays the current WinRE configuration. The "Windows RE location" line gives the disk and partition that hold winre.wim (harddisk0, partition4 in the output above). This step is essential for troubleshooting or manually updating the image.

📘 Need more details? You can find additional information in the official Microsoft documentation or relevant support articles.

As you can see above in my output, the Windows Recovery Environment image is located on my Recovery partition, which is partition 4. If it’s different for you, account for that in the following script or you might have a bad day.

🧩 Fixing the Recovery Partition with a Batch Script

To resolve the KB5034441 update failure caused by an undersized Recovery partition, you can use the following Batch script. It automates the steps to resize and recreate the Recovery partition properly:

BAT (Batchfile)
powershell.exe -noninteractive -command "reagentc /disable; echo 'sel volume c' 'shrink minimum=250' 'sel part 4' 'delete partition override' 'create partition primary' 'format quick fs=ntfs label=Recovery' 'set id=de94bba4-06d1-4d40-a16a-bfd50179d6ac' 'gpt attributes=0x8000000000000001'  | diskpart.exe"; reagentc /enable

🛠️ What This Script Does

  1. Disables WinRE using reagentc /disable
    • Moves winre.wim from the protected Recovery partition to: C:\Windows\System32\Recovery\Winre.wim
  2. Runs a series of DiskPart commands via PowerShell:
    • Shrinks the Windows (C:) partition by 250MB
    • Selects and deletes the current Recovery partition (part 4 — you may need to adjust this)
    • Creates a new Recovery partition
    • Formats it as NTFS with the label Recovery
    • Sets the correct partition ID and GPT attributes to mark it as a Recovery partition
  3. Re-enables WinRE using reagentc /enable
    • Moves winre.wim back to the new (larger) Recovery partition.

✅ Field-Tested and RMM-Ready

I’ve tested this script successfully on my own systems. It’s particularly useful for mass deployment through tools like ConnectWise Automate or other RMM platforms, saving time and avoiding manual intervention.

💡 Future Improvements

A great next step would be to add logic to dynamically identify the Recovery partition by label or type, rather than hardcoding the partition number (part 4). This would make the script more flexible and safer for diverse environments.
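
One way to do that, as an added example rather than the author's script: read the disk and partition index from reagentc /info, confirm the partition really carries the Recovery type GUID and sits directly after the OS partition, and only then generate the DiskPart commands. The function names are hypothetical, and the sketch assumes a GPT disk and that the partition index reagentc reports is the one Get-Partition and DiskPart use.

```powershell
#Requires -RunAsAdministrator
# Added example (not the page's script): resolve the WinRE partition at run time
# instead of hardcoding "sel part 4". Run it while WinRE is still enabled.
$RecoveryGptType = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'  # GUID from the page's script

function Get-WinREPartition {
    # "Windows RE location" looks like \\?\GLOBALROOT\device\harddisk0\partition4\...
    $info = (reagentc.exe /info) -join "`n"
    if ($info -notmatch 'harddisk(\d+)\\partition(\d+)') {
        throw 'reagentc reports no WinRE location (WinRE disabled or not configured).'
    }
    $diskNumber = [int]$Matches[1]
    $partNumber = [int]$Matches[2]

    if ((Get-Disk -Number $diskNumber).PartitionStyle -ne 'GPT') {
        throw "Disk $diskNumber is not GPT; the GUID/attribute steps do not apply."
    }
    $re = Get-Partition -DiskNumber $diskNumber -PartitionNumber $partNumber
    if ($re.GptType -ne $RecoveryGptType) {
        throw "Partition $partNumber has type $($re.GptType), not a Recovery partition."
    }
    # Space shrunk from the OS volume only helps if WinRE sits directly after it.
    $os = Get-Partition -DriveLetter ($env:SystemDrive[0])
    $osEnd = $os.Offset + $os.Size
    $between = Get-Partition -DiskNumber $diskNumber |
        Where-Object { $_.Offset -ge $osEnd -and $_.Offset -lt $re.Offset }
    if ($os.DiskNumber -ne $diskNumber -or $re.Offset -lt $osEnd -or $between) {
        throw 'Recovery partition is not immediately after the OS partition; stopping.'
    }
    $re
}

function Get-ResizeDiskpartScript {
    param([int]$GrowByMB = 250)
    $re = Get-WinREPartition
    @(
        "select disk $($re.DiskNumber)"
        "select volume $($env:SystemDrive[0])"
        "shrink desired=$GrowByMB minimum=$GrowByMB"
        "select partition $($re.PartitionNumber)"
        'delete partition override'
        'create partition primary'
        'format quick fs=ntfs label=Recovery'
        "set id=$($RecoveryGptType.Trim('{}'))"
        'gpt attributes=0x8000000000000001'
    )
}

Get-ResizeDiskpartScript   # prints the commands for review; nothing is modified
```

Once the printed commands look right for the machine, pipe them to diskpart.exe between reagentc /disable and reagentc /enable, the same sequence the one-liner above uses.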

✅ Conclusion

Addressing the KB5034441 update issue caused by an undersized Recovery partition is critical for maintaining system security—especially when BitLocker is in use. By understanding the root cause and applying a reliable, script-based solution, you can resolve this problem efficiently across multiple systems. Whether you’re managing a few servers or an entire fleet through an RMM platform, this approach minimizes downtime and ensures your systems stay secure and up to date.

🌿 Final Thoughts

Microsoft’s security patches are essential, but they sometimes expose limitations in default deployment setups—like the size of the Recovery partition. Proactively addressing these issues not only prevents update failures but also strengthens your overall infrastructure. Investing a bit of time now to automate and standardize fixes like this will save countless hours down the road, especially in environments with many endpoints. Stay ahead by building solutions that scale.
