WinRE disabled after Running PatchWinREScript_2004plus.ps1

jaybird283 566 Reputation points
2024-02-01T16:57:43.5533333+00:00

We are trying to push the BitLocker vulnerability patch KB5014443. We noticed that it's failing on most of our machines. We determined that it's because we don't have enough free space on our WinRE partitions. So we are following the instructions in the link below to run the PowerShell script that solves that problem.

https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10#articleFooterSupportBridge=communityBridge

The script says it runs successfully, but also says this:

REAGENTC.EXE: Windows RE cannot be enabled on a volume with BitLocker Drive Encryption enabled.

And shows that WinRE is disabled. What did I do wrong?

And what is the harm in just leaving it this way?


1 answer

  1. Hania Lian 11,126 Reputation points Microsoft Vendor
    2024-02-05T06:44:16.7833333+00:00

    Hello,

    The error message you’re seeing suggests that the Windows Recovery Environment (WinRE) cannot be enabled while BitLocker is active on the same partition. Here are the steps to check this issue:

    Disable BitLocker: Before enabling Windows RE, you need to disable BitLocker. Open an elevated command prompt and type the following command:

        manage-bde -protectors -disable C:

    Please replace “C:” with your WinRE partition drive letter if it’s different.

    Enable WinRE: Now you should enable WinRE with the following command in the command prompt:

        reagentc /enable

    Recheck WinRE Status: You can verify if WinRE is enabled with the following command:

        reagentc /info

    Re-enable BitLocker: Once you’ve successfully enabled WinRE, you can re-enable BitLocker using the following command:

        manage-bde -protectors -enable C:

    Again, replace “C:” with your WinRE partition drive letter if it’s different.

    This process temporarily removes the protection offered by BitLocker, so it’s crucial to re-enable BitLocker as soon as possible. Be sure to back up all essential data before starting this process.

    Best Regards,
    Hania Lian

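
The four steps from the answer above, combined into one script so that BitLocker protection is resumed even if enabling WinRE fails. This is an added example, not code from the answer or from Microsoft's KB script. It uses the BitLocker module cmdlets `Suspend-BitLocker` and `Resume-BitLocker` in place of the `manage-bde` commands, and it assumes the OS volume is `C:`, an elevated session, and English-language `reagentc` output.

```powershell
#Requires -RunAsAdministrator
# Added example: suspend BitLocker, enable WinRE, verify, and always resume protection.
# Assumptions (not from the original post): OS volume is C:, reagentc output is in English.
$MountPoint = 'C:'

function Test-WinREEnabled {
    # reagentc /info prints a line such as "Windows RE status:         Enabled"
    $info = reagentc.exe /info
    return [bool]($info | Select-String -Pattern 'Windows RE status:\s+Enabled')
}

if (Test-WinREEnabled) {
    Write-Output 'WinRE is already enabled; nothing to do.'
    return
}

# Record whether protection was on, so it is only resumed if this script suspended it.
$wasProtected = (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus -eq 'On'

try {
    if ($wasProtected) {
        # Counterpart of: manage-bde -protectors -disable C:
        Suspend-BitLocker -MountPoint $MountPoint | Out-Null
    }

    # Counterpart of: reagentc /enable, followed by reagentc /info
    reagentc.exe /enable
    if (Test-WinREEnabled) {
        Write-Output 'WinRE is now enabled.'
    } else {
        Write-Warning 'WinRE is still disabled; review the reagentc output above.'
    }
}
finally {
    if ($wasProtected) {
        # Counterpart of: manage-bde -protectors -enable C:
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
        $status = (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus
        if ($status -ne 'On') {
            Write-Error "BitLocker protection on $MountPoint is '$status'; resume it manually."
        }
    }
}
```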