This project has moved. For the latest updates, please go here.

Windows 10 version 1511, build 10586 update fail


I've encrypted my whole system drives on a few laptops running Windows 10.

I've just had the version 1511, build 10586 (TH2) update download and install to 100% but VeraCrypt seems to interfere as once the password is entered correctly after the update restart W10 boots into the recovery menu thing asking whether to restore pc as it couldn't start it.

If I power off the device W10 boots fine but the 10586 update hasn't applied and begins downloading again.

Has anyone else had this issue or know what could be wrong?


scout44 wrote Nov 16, 2015 at 5:10 PM

Had the same problem exactly. Had to decrypt system partition, install 1511, then encrypt system partition. Did this to a X64 WIN 10 Pro Desktop and a X64 WIN 10 Home Laptop. Up til now, the "normal" WIN 10 daily updates, including those requiring restart, were working fine. Please note that I installed the 1511 upgrade by downloading the ISO and starting 'Setup.exe' from the running WIN 10. Without Decrypting sysres, got the exact same failure as you. After decrypting, worked fine except for the xtra steps. Using SSD's so much less painful that it could have been.

dancedar wrote Nov 17, 2015 at 11:56 AM

I'm wary as to whether to install VC again or simply go back to TrueCrypt as I can't be doing this every big update Microsoft throws at us :/

idrassi wrote Nov 17, 2015 at 12:27 PM

@scout44: Thank you for the information.

@dancedar: TrueCrypt would have had the same problem. It is this specific Windows update that seems to disable filter drivers used for on the fly encryption and if Windows was encrypted using TrueCrypt, it would have failed too. There is nothing magical in TrueCrypt driver that would have prevented this.

Microsoft is doing something nasty in the update installer. VeraCrypt driver is working as expected but this installer clearly blocks it during the process of updating the system. By doing this, Microsoft is breaking FDE software other than Bitlocker and Microsoft partners ones.

What is the best way to report this to Microsoft? Obviously, on VeraCrypt, we are lacking man power to investigate further such deep kernel blocking by the update installer.

Enigma2Illusion wrote Nov 17, 2015 at 6:35 PM


Will this method work for contacting Microsoft support in Windows 10? Granted it is front-line support and not engineering.

Enigma2Illusion wrote Nov 18, 2015 at 4:10 AM

I do not have Windows 10, however I do use Macrium Reflect Home edition and saw these two posts on the Macrium forum that Windows 10 build 10586 creates a new 450MB System Reserved partition.

I guessing this is causing issues for Windows 10 system encryption using VeraCrypt.

Enigma2Illusion wrote Mar 5, 2016 at 8:13 PM

Correction: Window 10 patch can shrink the C partition to add the 450 MB Recovery Partition, not a new System Reserved partition.

jelhan wrote Apr 20 at 12:35 PM

Is this still an issue? Information at wiki page Known Issues & Limitations are vague for Windows 10. It says that "the system cannot be upgraded (for example, from Windows XP to Windows Vista)" if system drive is encrypted. "In such cases, the system partition/drive must be decrypted first." But on the other hand it states: "A running operating system can be updated (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted." But how should we understand a change from Windows 10 Version 1607 (Anniversary Update) to Version 1703 (Creators Update)? Is it an update or an upgrade?