Windows 10 KB4023057 installations fails with error 0x80070643

This is another post for my own use, but others may find it helpful.

The problem is Windows update KB4023057, which fails to install.  It is a re-release of a December update of the same title, and the problem is that it was likely already installed.

Note that Build 1809 and any subsequent updates will not install until this issue is resolved.

You’ll see the following message in Windows Updates:

Despite the convoluted (and sometimes dangerous) “solutions” you’ll find on the internet, the answer is pretty obvious: uninstall the previous version and let Windows Update install the new version. You can confirm that this is the issue in the Windows Event Viewer under Administrative Events:

Note that unlike most Windows updates, this package appears in Control Panel under Programs and Features. Select it and then uninstall.

Then reboot, go to Windows update, and check for new packages. This update should install correctly.

 

Windows Metadata Service Error

This is a tech post primarily for my own use. It involves a change to the Windows 10 Registry, and it is not for newbies. You can turn your machine into a doorstop if you get it wrong.

I’ve started to notice repeated errors in the Windows Event Logs following installation of the Windows 10 Fall Creators Update. This issue occurred in four machines following this update, and it interferes with the startup of a number of services and devices:

The source of the problem lies in a bad key in Windows Registry, apparently due to a URL change at Microsoft.

Registry Key:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata

Incorrect Value:

http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

Change To:

http://dmd.metaservices.microsoft.com/dms/metadata.svc

 

About This Ransomware Thing

The news media are breathlessly scaring the hell out of everybody lately, warning us of impending doom that awaits us from WannaCry, the latest in a series of ransomware viruses.

Where did this modern scourge of civilization as we know it come from, for goodness’ sake? Uh….a leak from the NSA, sometimes known as Nobody’s Safe Anymore. They have an inventory of hidden vulnerabilities in Windows they choose not to pass on to Microsoft so they can be addressed. Never know when they might come in handy for super secret government work, you know.

Despite all the hysterical media talk, WannaCry is not a “worm”. A worm is an attack on your router. WannaCry is a virus, and you get it from email attachments and poisoned links in email. You don’t “catch it” from toilet seats, either. You trigger it yourself.

By the time you see the ransomware demand screen, it’s already too late. Brace yourself for a really bad day. You’re screwed. Any attached backup drive is also screwed, and so are those “safe files” you have secreted on DropBox, GoogleDrive or Microsoft’s OneDrive. As soon as these files are corrupted on your local machine, they’re synchronized with your cloud storage files.

I had a consulting client attacked last fall with an earlier version of WannaCry, called Zepto, and it wiped out a large public self-storage business. See story below. Their database, email, documents, photos, and their backup drive got completely encrypted. The only thing that didn’t get wiped out was Windows itself, which the virus left unperturbed. Purely by luck, other machines on the network were unaffected in this case, possibly because we immediately hit the power switch on all connected machines before it spread. I don’t know if WannaCry behaves the same way, and I don’t want to find out.

Recovery started with disconnecting the infected machine from the network and removing the active part of the virus. Zepto renames encrypted user files as *.zepto. User files were completely unrecoverable, and they were deleted from a DOS prompt with:

“c:\del *.zepto /s”.

You might as well delete them, because you’ll never see their unencrypted contents again. Unfortunately, this machine was used as a peer-to-peer “server” for a critical shared app. It was toast.

Ultimately, I reformatted the machine, brought the Windows updates current and reinstalled everything. It’s the only way you can be sure. Then I reinstalled the user’s management software they used to run the business. The only thing that saved us was an old off-line backup drive we had replaced six months earlier. That meant six months of daily transactions had to be manually reentered, which took a month, but they were eventually able to get back to normal operations.

I’m suggesting to my clients that they take this virus very seriously.

  1. The key word is “off-line”. Buy a second removable hard drive and swap them out after their (usually weekly) backups complete, with only one drive attached at any time. Do it nightly if you’re fastidious or have mission critical files to worry about, such as a medical facility, but most people do it weekly. Another alternative, if you have the chops to do it, is to use drive imaging software to clone your drive, and then disconnect the drive. Then it’s just a drive swap to get back in business. But bottom line, any user files you can see in Windows Explorer are going to get destroyed.
  2. Make certain that everybody understands what to do if a machine gets infected: hit the power switch on the now wasted machine and shut down every machine on the network immediately. At the same time, pull the power plug out of the router and any network switches. Minutes count.
  3. This virus uses email as an attack vector. This client had been receiving daily emails for weeks, all short, plausible messages designed to trick the unwary into clicking on an email link or to open an attachment. “Your contract is approved and needs your signature”, “Your credit card was declined. See attached.”, or simply “See invoice attached.” Finally, Bad Luck Brian (there’s one in every office) clicked on an attachment, “because I wanted to make sure it wasn’t deleting something important”, and the game was afoot. It is critically important that every person in your office understands what to watch for and to delete such messages without opening the attachments or following links in messages. It may or may not appear to be from someone you know.
  4. The most likely victims of WannaCry are older systems not running Windows 10 or systems that are not current with Windows Updates. Sometimes it’s because updates upset older software, but more often than not, Windows Update itself has gotten stuck. Many businesses depend on old or poorly designed software that will not run on Windows 7 or Windows 10. Some lazy or incompetent vendors even require you to lower your security settings in order to run at all, even under Windows 10. I currently have two such clients, so it’s not as rare as you might think. Might as well put “Kick Me” signs on them. Many process control systems, including hospitals, traffic signals and ATM machines still rely on Windows XP, believe it or not.

In the end, an off-line backup is your best protection.
 

Just Off the Turnip Truck: Microsoft Surface

Microsoft has released the next generation Surface 4. It’s surrounded by mystery. The mystery is that nobody with a lick of common sense can figure out why anyone would buy one.

The entry model, with a puny 128GB of Solid State storage, an Intel I5 processor and 4GB of memory, sells for $999.00. The flagship Surface 4 Pro bundle with a decent Intel I7 processor, 16GB of memory, and 256GB of storage, lists for $1699.00, complete with a 30 day trial copy of Office that you also have to buy. Small discounts are currently available through Best Buy and Costco, among other vendors.

These are sealed units that cannot be upgraded with larger drives, additional memory, or even a new battery. What you order, you’re stuck with. Any new apps must be purchased directly from the Microsoft Store.

I’m sure there are those who will just rush right out there and buy the latest and greatest, but the question is this: Why would anyone want to do that?

You can buy yourself one hell of a laptop for half the money. A typical mainstream Intel I5/1 TB/8GB laptop goes for around $600.00, and you can usually get out the door with an I7/1TB/8GB laptop for around $1,000.00 or less, including some of the trendy skinny ones, if you shop with a purpose and a clear head.

Not recommended, unless you’re really hip.

 

 

What’s Going On Here?

This is a sandbox site we use for development purposes. Some problems are best worked out in a “safe space” to avoid destabilizing actual client websites. This is where we go to demo new concepts for our clients, try out new WordPress themes and plug-ins, work out client problems and solve website technical issues. If something breaks, better to do it here than on a client’s active website.

Think of it as a showroom. By choice, we don’t advertise to search engines.  We’re not looking for clicks, email addresses or comments. It’s a website that will undergo change, particularly when we have a project in the works. It will never be “finished”. If you come back later, expect things to change and move around periodically.