Windows Feature Update with Full Disk Encryption

When deploying a Windows feature update on a computer with full disk encryption enabled, Patch Management for Windows passes the SetupConfig.ini location to Windows. Windows then uses the ReflectDrivers information in the SetupConfig.ini file to access the encryption drivers and retrieve the required drive details to perform the upgrade.

Most third-party vendors use Microsoft’s default SetupConfig.ini folder, but some products apply a custom location.

The use of custom locations can lead to potential feature update installation failures where Windows is not passed the custom SetupConfig.ini location.

Where Windows is unable to access the encryption drivers and install the feature update, it writes the following error message to the SetupDiag logs: %WinDir%\Logs\SetupDiag\SetupDiagResults.xml

0xC1900101 - 0x20017 - The installation failed in the SAFE_OS phase with an error during BOOT operation

Configure Custom SetupConfig.ini Location

To support those products that use a custom SetupConfig.ini folder, we have included the option to insert the SetupConfig.ini location in the FeatureUpdateConfigFilePath node of the Patch Management for Windows PmeConfig.xml configuration file.

Patch Management for Windows will only use the FeatureUpdateConfigFilePath node where populated, otherwise, it will query Microsoft’s default SetupConfig.ini location: %systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini

To configure the custom SetupConfig.ini location:

  1. Log in to the target computer

  2. Navigate to the PmeConfig.xml location: %programdata%\MspPlatform\PME\config\PmeConfig.xml

  3. Open PmeConfig.xml in a text editor

  4. Insert the custom location of the SetupConfig.ini file in the FeatureUpdateConfigFilePath node. For example

  5. <FeatureUpdateConfigFilePath>C:\Progam Files\Product\Data\SetupConfig.ini</FeatureUpdateConfigFilePath>

  6. Save the file

Third-party vendors are responsible for managing and maintaining their SetupConfig.ini files. We recommend reviewing the vendor's full-disk encryption documentation and SetupConfig.ini file location before making changes to PmeConfig.xml.

Please validate the custom location of the SetupConfig.ini file on the computer before adding it in PmeConfig.xml. If the entered location is incorrect, Patch Management for Windows will be unable to pass the SetupConfig.ini information to Windows.