Skip TPM Check v10 on new Dev channel build 23403 not working.

[nondetect]

The problem appears on reboot and "working with updates". No "work with updates" occurs after clicking restart to install the update. The computer just restarts as usual. It says: Windows 11 Insider Preview 23403.1001 (ni_prerelease) installation error is 0xc1900130 in center update. The update itself is downloaded and completes the installation.

Originally posted by @sam20112011 in https://github.com/AveYo/MediaCreationTool.bat/issues/57#issuecomment-990108850

Attached Partner folder from $WINDOWS.~BT However, SkipTPM v6f or v7, what related to these issues, is working on new Dev channel. On another side on new Canary channel SkipTPM v10 works great.

[qbikXVI]

Https://software-download.microsoft.com/download/pr/888969d5-f34g-4e03-ac9d-1f9786c69161/MediaCreationToolW11.exe MediaCreationTool11.exe download failed https://download.microsoft.com/download/1/b/4/1b4e06e2-767a-4c9a-9899-230fe94ba530/products_Win11_20211115.cab

ERROR Check urls in browser | del ESD dir | use powershell v3.0+ | unblock powershell | enable BITS serv Press any key to continue . . . don't work(

[rpodric]

@nondetect Thanks for the heads-up. I was attempting to use WU (with v10) to get from 22H2 to 23403 and found the same issue. WU cited 0xc1900130, but I noticed EV termed it 0x80242016. In any case, no matter how many times you try the WU install, it'll just reboot right back into Windows and not actually finish the install.

Before finding your message about v7, I then tried what I thought was "old reliable," which is making an ISO, mounting it, and then installing that way. But that way fails the TPM 2.0 and Secure Boot check, which of course shouldn't happen when the bypass is in effect.

This is when I found your message, put on v7, and now the ISO works (though interestingly, it skips a few of the introductory screens, something I've never seen it do before). I imagine WU would have worked, too, but since I already had the ISO I didn't try it.

[rpodric]

New build, 23419, is out today if anyone wants to test v10 against it, but I'm sticking with v7 for now as I don't really have any expectation that 23419 would make a difference.

[nondetect]

New build, 23419, is out today if anyone wants to test v10 against it, but I'm sticking with v7 for now as I don't really have any expectation that 23419 would make a difference.

I tested with v10 - don't work, with v7 and v8 - work, for those who previously update from release/beta -> 23403 with v7 need again use v7 script for update from 23403 -> 23419

[AveYo]

Sorry for being away for such a long time.
Dev builds have been rebased. 25xxx for Canary, 23xxx Dev, 22000 Beta
I did not anticipate a rebase, was thinking they are going to use 26xxx, so the code had this detection line: if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[256]"
The fix is simple, just had to add the 23xxx builds to that findstr regex:
if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[235]" Will update the script as soon as I can.

[nondetect]

Sorry for being away for such a long time. Dev builds have been rebased. 25xxx for Canary, 23xxx Dev, 22000 Beta I did not anticipate a rebase, was thinking they are going to use 26xxx, so the code had this detection line: if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[256]" The fix is simple, just had to add the 23xxx builds to that findstr regex: if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[235]" Will update the script as soon as I can.

Thank you for explaining how its work, think it in near future(month or above) goes to 26xxx or above (current build 25905), so [2345678] maybe will good solution if I correct understand how it's work.

[AveYo]

Not using a wider wildcard was intended, as forcing it on a truly incompatible build would be just a waste of time, bandwidth, storage, plus disappointment. But that's basically the gist of adding known builds that work yourself!

[AveYo]

@nondetect, I have decided to make it a bit more future proof by extending the detection to include 2-9 Tho I'm willing to bet next time they will jump the first digit instead ;)

I also combined both my original bypass methods (/Product Server and nullifying appraiserres.dll) dynamically so that it shows Installing Windows 11 regardless of setup run from iso or from windows update. Not much practical difference from Installing Windows Server label as I've said time and time again. If the host os is corrupted/bad drivers/no space, setup will fail the same, either way.

[nondetect]

Tho I'm willing to bet next time they will jump the first digit instead ;)

I agree, such a development is very likely, taking into account the fact that they began to rewrite the kernel components on Rust. Is the use of a folder in %SystemDrive% necessary? Usually, users don't really like something unfamiliar (non-standard) "in front of their eyes" (based on personal observations). Maybe it's better to put it somewhere in %appdata% or somewhere else?

[AveYo]

Before it was in %public% aka C:\Users\Public, but some dummy made a blanket Sigma rule about such location and all AV's that make use of Sigma rules for heuristics flag it without probable cause (until whitelisted). To be fair, it's better to have it more in the open, because it is such a set-it-and-forget-it script not requiring revisions for months and months, that people forget ever adding it. And when an issue happens, have no idea - at 22H2 release, people had older than v6 installed and forgot! And in a multi-user environment, it makes sense for it to be outside any specific profile location. Can always hide the folder manually.

[nondetect]

Can always hide the folder manually

Maybe make it hidden by default "attrib +h %systemdrive%\script"?

[feeas]

The new Skip_TPM_Check_on_Dynamic_Update.cmd causes 0x80070002 error when Windows updates version 25905.

[rpodric]

@feeas You mean when checking WU from the previous build and trying to get to that build, or on that build and just running WU (even though there's little or nothing to update)?

[feeas]

@rpodric My machine is 25393, I want to upgrade to 25905. new Skip_TPM_Check_on_Dynamic_Update.cmd is not only broken WU also damages the iso installation. Using old Skip_TPM_Check_on_Dynamic_Update.cmd to install 25905 iso , it will roll back to 25393 and display safe_os error when reboot, new Skip_TPM_Check_on_Dynamic_Update.cmd directly causes setup.exe to crash.

[feeas]

@rpodric When I run the new Skip_TPM_Check_on_Dynamic_Update.cmd again to uninstall the patch, 25393 iso setup.exe can start normally.

[nondetect]

The new Skip_TPM_Check_on_Dynamic_Update.cmd causes 0x80070002 error when Windows updates version 25905.

Can confirm that issue, and I figured out why it's happening. It's happened because copy command can't create folder in root disk (for example C:)

[AveYo]

The new Skip_TPM_Check_on_Dynamic_Update.cmd causes 0x80070002 error when Windows updates version 25905.

Can confirm that issue, and I figured out why it's happening. It's happened because copy command can't create folder in root disk (for example C:)

damn. simple stuff. I have that folder already (generated by Edge_Removal) and did not check

[AveYo]

@nondetect, can you try again with the update I just made?

[feeas]

@AveYo Using the latest Skip_TPM_Check_on_Dynamic_Update to install 25905 iso, the error '0xC1900101 - 0x20017 Installation failed during safe OS phase with an error during boot operation' is displayed after restarting.

[AveYo]

@feeas the very fact that it went to that point means the bypass is working

setup fails for other reason
specially so for this latest canary build that is all kind of bugged atm

• as always, first do an in-place upgrade = repair with the build you're running now, from mounted iso
• most asus mainboards are no-go
• many usb devices are a no-go (uninstall and unplug any usb game pads, webcams, even printers)
• 3rd party AV are a no-go (revert to Defender)
• you need more free space on c: ( usually up to 20GB, but now it's more so ~30GB to be safe )
• some host builds fail no matter what (it failed for me too on 22621, so I had to upgrade to 23481 as an intermediary step)

[nondetect]

@AveYo checked new script version on fully updated 22621 to DEV and Canary without MS account using OfflineInsiderEnroll, work's fine on PC without TPM module

[corhsin]

Win11 21H2 latest updates today. auto 11 MediaCreationTool.bat (clips text and) yields: mment to start create iso directly in current folder - or rename script: "iso 20H2 MediaCreationTool.bat" DEF=1 _query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" "DisplayVersion" OS_VID starts unattended upgrade / in-place repair / cross-edition do if /i %%s equ %%E set "EDITION=%%E") t OPTIONS=%OPTIONS% /DynamicUpdate Enable) erprise%) d, creating media without script modification "%>% 30fe94ba530/products_Win11_20211115.cab" nload.microsoft.com/download/8/3/e/83e5badb-90bd-45c0-b868-28ada88230a0/products_win10_20211029.cab" _refresh" & set "CT=2020/09/" & set "CC=1.4" ge to activate usability and security fixes e" & set "CT=2017/03/" & set "CC=1.0" om/download/C/F/9/CF9862F9-3D22-4811-99E7-68CE3327DAE6/MediaCreationTool.exe" set "CC=1.0" %%s /v ColorTable11 /d 0xd6d661 /t reg_dword /f ORK directory to prevent issues and preserve current one as ROOT Windows 11 Version 21H2 22000.318.211104-1236.co_release_svc_refresh en-US Consumer x64

https://software-download.microsoft.com/download/pr/888969d5-f34g-4e03-ac9d-1f9786c69161/MediaCreationToolW11.exe The system cannot find the batch label specified - DOWNLOAD https://download.microsoft.com/download/1/b/4/1b4e06e2-767a-4c9a-9899-230fe94ba530/products_Win11_20211115.cab The system cannot find the batch label specified - DOWNLOAD

ERROR Check urls in browser | del ESD dir | use powershell v3.0+ | unblock powershell | enable BITS serv Press any key to continue...

Thank you for your great work on this.

[AveYo]

@corhsin that's unrelated to this issue, but it's on my radar to update