When creating reference images for Windows 10 or Windows 11, Sysprep is very likely to fail if the machine has Internet access, and have enough time to start updating it's built-in applications, or install new ones as part of the consumer experience feature. This post is about preventing that from happening, and is a companion to my guides on building Windows 10 and Windows 11 reference images.
The issue is explained in a KB from Microsoft, but it's workaround are not very good for automation purposes.
Sysprep fails after you remove or update Windows Store apps that include built-in Windows images
http://support.microsoft.com/en-us/kb/2769827
Note #1: This is a quite long post, and if you just want the fix, scroll to the end, to the Fixing the problem section. But if you want to pick some background info, and possibly learn something new in the process, continue as you were 🙂
Note #2: Lately I have started to simply limit Internet access to the virtual machines I'm using for reference images, especially for Windows 11 that is quite aggressive in updating for example the OneDrive application.
Symptom
If modern apps in Windows 10 are being updated during the build and capture of a reference image, Sysprep may fail because it cannot remove the update. Note that this doesn't happen all the time, it's a timing issue, but it sure happen often enough to be an issue.
If that happens you will get the following error in the BDD.LOG and LTISysprep.log log files:
Expected image state is IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE, actual image state is IMAGE_STATE_COMPLETE, sysprep did not succeed.
FAILURE ( 6192 ): ERROR – Sysprep did not complete successfully, check C:windowssystem32syspreppanthersetupact.log for details

Then, in the C:WindowsSystem32SysprepPanthersetuperr.log you see the following (or similar):
Error SYSPRP Package Microsoft.DesktopAppInstaller_1.0.1471.0_x64__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
Error SYSPRP Failed to remove apps for the current user: 0x80073cf2.
Error SYSPRP Exit code of RemoveAllApps thread was 0x3cf2.
Error [0x0f0082] SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing 'SysprepGeneralizeValidate' from C:WindowsSystem32AppxSysprep.dll; dwRet = 0x3cf2
Error SYSPRP SysprepSession::Validate: Error in validating actions from C:WindowsSystem32SysprepActionFilesGeneralize.xml; dwRet = 0x3cf2
Error SYSPRP RunPlatformActions:Failed while validating SysprepSession actions; dwRet = 0x3cf2
Error [0x0f0070] SYSPRP RunExternalDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = 0x3cf2
Error [0x0f00d8] SYSPRP WinMain:Hit failure while pre-validate sysprep generalize internal providers; hr = 0x80073cf2
This is what it looks like during the MDT build and capture process.
More Details of the modern apps
Now, the above log is quite obvious, an app named Microsoft.DesktopAppInstaller_1.0.1471.0 was being installed or updated, and Sysprep could not remove it.
To see which modern applications that you have in your system, for the Administrator user account in this case. You can just run Get-AppxPackage in a PowerShell prompt, or (Get-AppxPackage).count to see the number of apps. For a Windows 10 v1607 CB machine, that did not update any built-in updates, I had 54 apps installed. Whereas as system which had been allowed to update them had 58 apps.
A Windows 10 v1607 CB machine with no updates allowed, showing 54 apps.
A Windows 10 v1607 CB machine with updates allowed, showing 58 apps.
But what about apps being actually updated? Well, you can get additional info via the Event Viewer. You go to Microsoft / Windows / AppXDeployment-Server / Microsoft-Windows-AppXDeploymentServer / Operational and filter on Event ID 478 to see successful updates.
The Event Viewer with a filter on ID 478 showing installations of modern apps.
More PowerShell
You can also view this using PowerShell, but you have to use the Get-WinEvent cmdlet, because Get-EventLog can handle only classic event logs (System/Setup/Application etc.). So here is the command to list installations/updates for Windows 10 applications.
Get-WinEvent -LogName "Microsoft-Windows-AppXDeploymentServer/Operational" | Where-Object {$_.ID -eq 478} | Select TimeCreated,Message | Format-Table -AutoSize -Wrap
Using PowerShell to list event log entries of installed/updated applications in Windows 10.
If you compare the count of apps, from the event log, from a system having the apps being updated or not (by simply putting the command in parentheses, and add a .count), you find that a system allowed to have the apps updated will have over hundred of apps, whereas as system with no Internet access, or updates being disabled will have less than hundred.
Below is the out from a system without updates to the modern apps in Window
s 10 v1607 CB, a total of 82 entries for the apps. Another machine that I deployed, and allowed it to update, it ended up with 136 entries for the apps.
A Windows 10 machine with no updates, showing 82 entries for apps in the event log.
A Windows 10 machine with updates, showing 136 entries for apps in the event log.
Fixing the problem
The obvious fix for the problem is denying the virtual machine Internet access. No Internet access means no updates breaking Sysprep 🙂
Update: Seems like setting HideShell=YES in cs.ini also prevents apps from coming down. Of course, that also stops you from doing anything interactive during the build and capture process, but hopefully you don't need that once you nailed your task sequence. Big thanks to Roman Zuravljov for that tip.
But what if the preceding fix is not an option?
What if you need Internet access for other reasons? Well, keep on reading
Fix the Sysprep issues by adding a script to disable Store Updates as well as Consumer Experience Apps
Simply add a script that sets the needed registry values during the offline WinPE phase. So that Windows Store updates and the Consumer Experience features are disabled even before Windows 10 starts the first time. Very Shiny.
Note #1: The script has a dependency to ZTIUtility.vbs, so if put it into another folder, make sure to copy ZTIUtility.vbs with it, or update the reference in line 2 of the script.
Note #2: Disabling the Consumer Experience feature is only available for Enterprise and Education editions of Windows 10. So, if your using Windows 10 or Windows 11 Pro, you have to either disable Internet access or try the HideShell=YES settings in cs.ini.
Note #3: This script was initially developed for Windows 10 1709 and Windows 10 1809. I have not done much testing on newer versions of Windows 10, nor Windows 11. These days I typically just disable Internet access on the VM I'm building 🙂
Here is the script: http://github.com/DeploymentResearch/DRFiles/blob/master/Scripts/Config-DisableWindowsStoreUpdates.wsf
1. Copy the script to your deployment share / scripts folder, and configure your build and capture task sequence to run it in the Postinstall phase (WinPE phase).
Name: Disable Windows Store Updates
Command line: cscript.exe "%SCRIPTROOT%\Config-DisableWindowsStoreUpdates.wsf"
Task Sequence configured to disable updates of Windows Store applications during the first WinPE phase.
Enabling updates once again before capture
Unless you are enabling these features via GPO during deployment, it makes sense to enable them once again just before capture. Again in the offline WinPE phase.
Note: Also this script has a dependency to ZTIUtility.vbs, so if put it into another folder, make sure to copy ZTIUtility.vbs with it, or update the reference in line 2 of the script.
Here is the script: http://github.com/DeploymentResearch/DRFiles/blob/master/Scripts/Config-EnableWindowsStoreUpdates.wsf
1. Copy the script to your deployment share / scripts folder, and configure your build and capture task sequence to run it in the end of the State Restore phase (second WinPE phase).
Name: Enable Windows Store Updates
Command line: cscript.exe "%SCRIPTROOT%\Config-EnableWindowsStoreUpdates.wsf"
Task Sequence configured to enable updates of Windows Store applications just before capture.
Written by Johan Arwidmark.
<assemblyIdentity name="Microsoft-Windows-AppX-Sysprep" version="10.0.18362.356" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" versionScope="NonSxS"></assemblyIdentity>
<sysprepOrder order="0x1A00"></sysprepOrder>
<sysprepValidate methodName="SysprepGeneralizeValidate" moduleName="$(runtime.system32)\AppxSysprep.dll"></sysprepValidate>
<sysprepModule methodName="SysprepGeneralize" moduleName="$(runtime.system32)\AppxSysprep.dll"></sysprepModule></imaging><imaging exclude="">
Thanks for the info, I have not tried that (yet)
/ Johan
It works….! Thanks
Hallo Johan, I tried running a VM gen2 with modern NIC etc and could use PXE and create an MDT reference image but the sysprep/capture step would fail at the end of the TS, as opposed to when I try it with a gen1 VM with legacy network adapter. So is the gen1 + legacy NIC still a requirement, even with latest Windows Server 2022 and ADK for Win 11? (meaning everything on latest version) I'm asking because I thought the gen1/legacy adapter requirement was only for making PXE work in a Hyper-V VM (this works without problem now with… Read more »
Hi Bavo,
Sorry for the very late reply, but I haven't tried creating a reference image from a UEFI-based VM. The Setupact.log from Sysprep should give you some clues.
I used the scripts and it didn't work, the hideshell did.
Johan,
Line 5 of the Config-EnableWindowsStoreUpdates.wsf is missing a "Then" Statement. Also, Thank you for all that you do….
Thanks for that, script has been updated.
Regarding the Enable/Disable Windows Store scripts: I think I followed your instructions for setting up these two scripts. When running the TS, however, I am met with failure. The error message is: Failed to run the action: Disable Windows Store Updates. Incorrect function. (Error: 00000001; Source: Windows) I added the scripts to the script directory and set the steps up according to the instructions laid out in this post. Additionally, I read the entire post https://deploymentresearch.com/fixing-why-sysprep-fails-in-windows-10-due-to-windows-store-updates/ update: using version 1909, i ran the image creation and it didnt fail on the part which causes the need for these scripts anyway.… Read more »
I don't know if that has been fixed in 1909, but send me a message on LinkedIn, and I can probably help figure out why it failed. https://www.linkedin.com/in/jarwidmark/
IS there a resolution for this??
The script should work now, was updated recently for a bug found.
I'm getting an error when I run the script to Disable Windows Store Updates in Win10 Pro 1903. The error is:
Property LogPath is now = C:\MININT\SMSOSD\OSDLOGS
Microsoft Deployment Toolkit version: 6.3.8330.1000
Property Debug is now = FALSE
Getting crrent OS drive letter
Current OS drive letter is
About to configure offline registry settings
Windows version applied to harddrive is
Load the offline registry file
Unable to find the new OS registry file; Windows Store settings cannot be updated.
Do you have any ideas what I might be doing wrong?
Windows 10 Professional does not support disabling consumer experience apps via policy. For Windows 10 Pro, I recommend using OSDBuilder to create an updated image, and then disable Internet access on the VMs you use to build reference images. / Johan
Hi, i tryed to enable windows store updates using your script when we reboot the system and starts the second Windows PE phase, but the script got error and didn't capture the .wim. If you can help me on this case, please.
What version of Windows 10 are you building an image of?
Anyway, for troubleshooting, add a pause before the action the runs the script, and try to run it interactively via command prompt (F8). / Johan
Hello Johan,
Thanks for your reply. I maked mistake when i copied cscript.exe "%SCRIPTROOT%\Config-EnableWindowsStoreUpdates.wsf", i dont know how but when i pasted this parameter, his insert space between % and \. After i saw this fail, i repair and done kkkk. So, in windows 10 pro i needed to use another script that remove all of Built-in apps to got capture the reference image.
Not sure why a space was added, I just tried copy the command line from the blog into Notepad, and there were no extra space. For Windows 10 Pro you can use a media that been service offline with the latest updates already, and simply deny Internet access on the VM you use to build the image. / Johan
Can you use this process with Win 10 Enterprise as well?
Yes, this process works for both Windows 10 Enterprise and Windows 10 Education (but not Windows 10 Professional). / Johan
Hi,
I have the same issue. But i solve it by cleaning up (remove) all other users profile except local administrator's.
I'm glad it worked for you, but I have seen this happening even with just a local admin account. Preventing Internet access, or disabling the updates have been the only solid way of preventing this.
Removing all profiles except local worked for me too.
You've missed the \ in your command line
Thanks, I lost some "\" during the migration to WordPress. Fixing it now. / Johan