AveYo / MediaCreationTool.bat

Universal MCT wrapper script for all Windows 10/11 versions from 1507 to 21H2!
MIT License
8.95k stars 3k forks source link

Skip TPM Check v10 on new Dev channel build 23403 not working. #252

Closed nondetect closed 11 months ago

nondetect commented 1 year ago

The problem appears on reboot and "working with updates". No "work with updates" occurs after clicking restart to install the update. The computer just restarts as usual. It says: Windows 11 Insider Preview 23403.1001 (ni_prerelease) installation error is 0xc1900130 in center update. The update itself is downloaded and completes the installation.

Originally posted by @sam20112011 in https://github.com/AveYo/MediaCreationTool.bat/issues/57#issuecomment-990108850

Attached Partner folder from $WINDOWS.~BT However, SkipTPM v6f or v7, what related to these issues, is working on new Dev channel. On another side on new Canary channel SkipTPM v10 works great.

qbikXVI commented 1 year ago

Https://software-download.microsoft.com/download/pr/888969d5-f34g-4e03-ac9d-1f9786c69161/MediaCreationToolW11.exe MediaCreationTool11.exe download failed https://download.microsoft.com/download/1/b/4/1b4e06e2-767a-4c9a-9899-230fe94ba530/products_Win11_20211115.cab

ERROR Check urls in browser | del ESD dir | use powershell v3.0+ | unblock powershell | enable BITS serv Press any key to continue . . . don't work(

rpodric commented 1 year ago

@nondetect Thanks for the heads-up. I was attempting to use WU (with v10) to get from 22H2 to 23403 and found the same issue. WU cited 0xc1900130, but I noticed EV termed it 0x80242016. In any case, no matter how many times you try the WU install, it'll just reboot right back into Windows and not actually finish the install.

Before finding your message about v7, I then tried what I thought was "old reliable," which is making an ISO, mounting it, and then installing that way. But that way fails the TPM 2.0 and Secure Boot check, which of course shouldn't happen when the bypass is in effect.

This is when I found your message, put on v7, and now the ISO works (though interestingly, it skips a few of the introductory screens, something I've never seen it do before). I imagine WU would have worked, too, but since I already had the ISO I didn't try it.

rpodric commented 1 year ago

New build, 23419, is out today if anyone wants to test v10 against it, but I'm sticking with v7 for now as I don't really have any expectation that 23419 would make a difference.

nondetect commented 1 year ago

New build, 23419, is out today if anyone wants to test v10 against it, but I'm sticking with v7 for now as I don't really have any expectation that 23419 would make a difference.

I tested with v10 - don't work, with v7 and v8 - work, for those who previously update from release/beta -> 23403 with v7 need again use v7 script for update from 23403 -> 23419

AveYo commented 1 year ago

Sorry for being away for such a long time.
Dev builds have been rebased. 25xxx for Canary, 23xxx Dev, 22000 Beta
I did not anticipate a rebase, was thinking they are going to use 26xxx, so the code had this detection line: if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[256]"
The fix is simple, just had to add the 23xxx builds to that findstr regex:
if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[235]" Will update the script as soon as I can.

nondetect commented 1 year ago

Sorry for being away for such a long time. Dev builds have been rebased. 25xxx for Canary, 23xxx Dev, 22000 Beta I did not anticipate a rebase, was thinking they are going to use 26xxx, so the code had this detection line: if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[256]" The fix is simple, just had to add the 23xxx builds to that findstr regex: if %VER% == 11 findstr /r "P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0.\..0.\..2.[235]" Will update the script as soon as I can.

Thank you for explaining how its work, think it in near future(month or above) goes to 26xxx or above (current build 25905), so [2345678] maybe will good solution if I correct understand how it's work.

AveYo commented 1 year ago

Not using a wider wildcard was intended, as forcing it on a truly incompatible build would be just a waste of time, bandwidth, storage, plus disappointment. But that's basically the gist of adding known builds that work yourself!

AveYo commented 1 year ago

@nondetect, I have decided to make it a bit more future proof by extending the detection to include 2-9 Tho I'm willing to bet next time they will jump the first digit instead ;)

I also combined both my original bypass methods (/Product Server and nullifying appraiserres.dll) dynamically so that it shows Installing Windows 11 regardless of setup run from iso or from windows update. Not much practical difference from Installing Windows Server label as I've said time and time again. If the host os is corrupted/bad drivers/no space, setup will fail the same, either way.

nondetect commented 1 year ago

Tho I'm willing to bet next time they will jump the first digit instead ;)

I agree, such a development is very likely, taking into account the fact that they began to rewrite the kernel components on Rust. Is the use of a folder in %SystemDrive% necessary? Usually, users don't really like something unfamiliar (non-standard) "in front of their eyes" (based on personal observations). Maybe it's better to put it somewhere in %appdata% or somewhere else?

AveYo commented 1 year ago

Before it was in %public% aka C:\Users\Public, but some dummy made a blanket Sigma rule about such location and all AV's that make use of Sigma rules for heuristics flag it without probable cause (until whitelisted). To be fair, it's better to have it more in the open, because it is such a set-it-and-forget-it script not requiring revisions for months and months, that people forget ever adding it. And when an issue happens, have no idea - at 22H2 release, people had older than v6 installed and forgot! And in a multi-user environment, it makes sense for it to be outside any specific profile location. Can always hide the folder manually.

nondetect commented 1 year ago

Can always hide the folder manually

Maybe make it hidden by default "attrib +h %systemdrive%\script"?

feeas commented 1 year ago

The new Skip_TPM_Check_on_Dynamic_Update.cmd causes 0x80070002 error when Windows updates version 25905.

rpodric commented 1 year ago

@feeas You mean when checking WU from the previous build and trying to get to that build, or on that build and just running WU (even though there's little or nothing to update)?

feeas commented 1 year ago

@rpodric My machine is 25393, I want to upgrade to 25905. new Skip_TPM_Check_on_Dynamic_Update.cmd is not only broken WU also damages the iso installation. Using old Skip_TPM_Check_on_Dynamic_Update.cmd to install 25905 iso , it will roll back to 25393 and display safe_os error when reboot, new Skip_TPM_Check_on_Dynamic_Update.cmd directly causes setup.exe to crash.

feeas commented 1 year ago

@rpodric When I run the new Skip_TPM_Check_on_Dynamic_Update.cmd again to uninstall the patch, 25393 iso setup.exe can start normally.

nondetect commented 1 year ago

The new Skip_TPM_Check_on_Dynamic_Update.cmd causes 0x80070002 error when Windows updates version 25905.

Can confirm that issue, and I figured out why it's happening. It's happened because copy command can't create folder in root disk (for example C:)

AveYo commented 1 year ago

The new Skip_TPM_Check_on_Dynamic_Update.cmd causes 0x80070002 error when Windows updates version 25905.

Can confirm that issue, and I figured out why it's happening. It's happened because copy command can't create folder in root disk (for example C:)

damn. simple stuff. I have that folder already (generated by Edge_Removal) and did not check

AveYo commented 1 year ago

@nondetect, can you try again with the update I just made?

feeas commented 1 year ago

@AveYo Using the latest Skip_TPM_Check_on_Dynamic_Update to install 25905 iso, the error '0xC1900101 - 0x20017 Installation failed during safe OS phase with an error during boot operation' is displayed after restarting.

AveYo commented 1 year ago

@feeas the very fact that it went to that point means the bypass is working

setup fails for other reason
specially so for this latest canary build that is all kind of bugged atm

nondetect commented 1 year ago

@AveYo checked new script version on fully updated 22621 to DEV and Canary without MS account using OfflineInsiderEnroll, work's fine on PC without TPM module

corhsin commented 1 year ago

Win11 21H2 latest updates today. auto 11 MediaCreationTool.bat (clips text and) yields: mment to start create iso directly in current folder - or rename script: "iso 20H2 MediaCreationTool.bat" DEF=1 _query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" "DisplayVersion" OS_VID starts unattended upgrade / in-place repair / cross-edition do if /i %%s equ %%E set "EDITION=%%E") t OPTIONS=%OPTIONS% /DynamicUpdate Enable) erprise%) d, creating media without script modification "%>% 30fe94ba530/products_Win11_20211115.cab" nload.microsoft.com/download/8/3/e/83e5badb-90bd-45c0-b868-28ada88230a0/products_win10_20211029.cab" _refresh" & set "CT=2020/09/" & set "CC=1.4" ge to activate usability and security fixes e" & set "CT=2017/03/" & set "CC=1.0" om/download/C/F/9/CF9862F9-3D22-4811-99E7-68CE3327DAE6/MediaCreationTool.exe" set "CC=1.0" %%s /v ColorTable11 /d 0xd6d661 /t reg_dword /f ORK directory to prevent issues and preserve current one as ROOT Windows 11 Version 21H2 22000.318.211104-1236.co_release_svc_refresh en-US Consumer x64

https://software-download.microsoft.com/download/pr/888969d5-f34g-4e03-ac9d-1f9786c69161/MediaCreationToolW11.exe The system cannot find the batch label specified - DOWNLOAD https://download.microsoft.com/download/1/b/4/1b4e06e2-767a-4c9a-9899-230fe94ba530/products_Win11_20211115.cab The system cannot find the batch label specified - DOWNLOAD

ERROR Check urls in browser | del ESD dir | use powershell v3.0+ | unblock powershell | enable BITS serv Press any key to continue...

Thank you for your great work on this.

AveYo commented 1 year ago

@corhsin that's unrelated to this issue, but it's on my radar to update