Windows 10 KB4056892 update will not install

Reset a Surface Pro 4 and started installing updates.   The following update will not install "2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892)"  It always stops at 99%., the error message is  - "There were some problems installing updates, but we'll try again later. (0x800705b4)"  I reboot it goes through at least an hour long process of updating and then shows that it didn't install and starts downloading again.   Just continues in this looping process.

Bare bones install, no anti-virus or any applications loaded.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
It may be a driver issue preventing this.

First, update BIOS and Chipset from the Microsoft Surface download site.

Then, and especially since nothing has been loaded, run a Repair Install to further upgrade drivers.

Go to the Media Creation Link

Windows 10 is running, so click on the Download button (not Upgrade Button, select Open (Run) but NOT Save. Allow the program to run. Allow drivers to update. Then select Keep Everything.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mal OsborneAlpha GeekCommented:
That particular patch was rushed, and seems to be a bit "unfinished".  You might want to wait a while and see if Microsoft release a more stable version of this patch.
Gee M$ releasing buggy patches.
Who would have thought?
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

JohnBusiness Consultant (Owner)Commented:
I have that very update running on 3 systems here and several at clients with no issue (but not Surface machines).

In addition to the above did you try the updates I suggested?
Mitul PrajapatiIT SupervisorCommented:
It is the security update against meltdown and Spectre vulnerabilities. (Latest vulnerabilities)

Check the registry setting exactly matching the below registry settings in order to install this patch.

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”

After this, try to reinstall this update.  Good Luck.
Cliff GaliherCommented:
The update was rushed because a vulnerability was disclosed early. That's not ry on Microsoft. They didn't disclose the attack vector.  It was release early, or else systems vulnerable. Which would YOU rather have?

With that said, MS actually did do enough testing  contrary to your claim, that they identified some issues. There are deep kernel level changes being made to protect the OS from spewing secrets (again, not an MS bug  but a hardware bug that also requires Linux patches.)  Anti-virus programs tend to also hook into the kernel several layers deep in the name of monitoring behavior to do their protection. Some AV vendors do so in an undocumented and u supported way. And kernel changes cause them to blue screen.

So Microsoft made the patch in a way that it would ONLY Install if a *new* registry key exists. And that registry key will only exist if an anti-virus program sets it. This means AV vendors have to actively push an update that sets the key... Basically saying "yes, we've tested/updated our program and we won't blue screen when this patch installs."

That's a very responsible way to protect end users who might otherwise be running that three year old trial anti-virus program gatbhasnt updated on forever and would definitely blue screen.

Dont expect MS to change or release a" more stable" version. Meltdown and Spectre are bad. Very bad. MS has been planning this for MONTHS coordinating with other vendors does and... Yes... Checking in code into Linux.

The update will install when your AV is up to date. Binckudinf the built in windows defender. But that can often Mena multiple updates with multiple reboots in between.

*DO NOT* set the registry key manually. It was created as a safety valve and is designed for vendors for a reason. Let that process work as intended.
Although I agree with most, Cliff, the registry key is not the reason.
If the key isn't there, the patch won't even be detected automatically.
If it is detected automatically, you can be sure that the keys are there.
If the patch is downloaded manually and then installed without the reg keys present, it installs.

So rather another instance of "updating components are broken" which is usually fixed doing an inplace upgrade using the setup ISO of the OS.
RaminTechnical AdvisorCommented:
Open a Command prompt as Administrator and type / paste below command:
DISM.exe /Online /Cleanup-image /Restorehealth
then Hit Enter.

Also try Windows Update Troubleshooter.

Related link:
WebccAuthor Commented:
So I followed John's recommendation and that appears to have fixed it.  
Thanks for everyone's input.
JohnBusiness Consultant (Owner)Commented:
Thanks for the update and I was happy to help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.