🗄️ SQL Server Update Error

Fix SQL Server Error 0x80070643

📅 Updated: Jan 12, 2026 ⏱️ 30-60 min to fix ✅ 92% Success Rate

🚀 Quick Fix Summary

Error Type: SQL Server Update Failure

Error Code: 0x80070643

Related KB: KB5014354 and other SQL Server security updates

Full Message: "Security Update for SQL Server 2017 RTM GDR (KB5014354) installation failed with error code 0x80070643" or "Fatal error during installation"

Primary Causes: SQL Server services not running (30%), corrupted Windows Installer (25%), .NET Framework issues (20%), insufficient permissions (15%), previous failed update remnants (10%)

Time to Fix: 30-60 minutes

Difficulty: Moderate to Advanced

Success Rate: 92% with proper service restart and Windows Installer repair

SQL Server security update error 0x80070643 is a critical installation failure that prevents Microsoft SQL Server (versions 2012, 2014, 2016, 2017, 2019, 2022) from receiving essential security patches through Windows Update or manual installation, leaving database servers vulnerable to known security exploits and compliance violations. This error typically appears when Windows Update attempts to install cumulative updates or security patches like KB5014354 (SQL Server 2017 RTM GDR security update), displaying "We couldn't install this update, but you can try again (0x80070643)" or through SQL Server Configuration Manager showing "Fatal error during installation" with setup logs indicating MSI installation failures. Users—database administrators, IT professionals, or developers running SQL Server locally—encounter this frustrating error after monthly Windows Update runs, when manually installing downloaded .exe updates from Microsoft Download Center, or during SQL Server service pack installations, with the update failing at various stages (10%, 50%, or near completion) and rolling back changes, leaving SQL Server at outdated, vulnerable patch levels that fail security audits and potentially expose sensitive data to SQL injection attacks, privilege escalation vulnerabilities, or denial-of-service exploits.

Error 0x80070643 in SQL Server update context stems from several technical obstacles specific to database server software: SQL Server services (SQL Server Database Engine, SQL Server Agent, SQL Server Browser) not running or in hung state preventing Windows Installer from accessing and patching executable files (accounting for 30% of failures), corrupted Windows Installer service or MSI cache causing installation process to fail when deploying update packages (25%), missing or damaged .NET Framework components that SQL Server updates depend on for installation scripts and configuration tasks (20%), insufficient administrative permissions or User Account Control restrictions blocking setup.exe from modifying SQL Server binaries and registry keys (15%), or remnants from previous failed update attempts leaving partial installations or locked registry keys that block new update installations (10%). The error code 0x80070643 specifically translates to "ERROR_INSTALL_FAILURE" or "Fatal error during installation," indicating the Windows Installer MSI engine encountered an unrecoverable problem during SQL Server patch deployment—a generic error requiring investigation of SQL Server setup logs to identify specific failure points like missing prerequisites, service control failures, file access denials, or rollback triggers. Unlike application updates, SQL Server patches are complex multi-step operations that must coordinate with running database instances, stop services safely, apply binaries to locked files, update metadata in master database, and restart services—any disruption causes 0x80070643. This comprehensive guide provides seven proven methods to fix SQL Server security update error 0x80070643, from ensuring all SQL services are running and restarting them properly, repairing Windows Installer and clearing MSI cache, updating .NET Framework dependencies, running updates with elevated permissions, manually removing failed update remnants, to using SQL Server Configuration Manager for service management and analyzing detailed setup logs to pinpoint exact failure causes, ensuring your SQL Server instances receive critical security patches to maintain database security, compliance with industry standards (PCI-DSS, HIPAA), and protection against emerging threats targeting unpatched SQL Server installations.

Understanding SQL Server Update Error 0x80070643

What is Error 0x80070643?

  • Error code: 0x80070643 (hexadecimal)
  • Meaning: ERROR_INSTALL_FAILURE - Fatal error during installation
  • Context: Windows Installer (MSI) failure specific to SQL Server updates
  • Severity: High—prevents security patches, leaves SQL Server vulnerable
  • Affected versions: SQL Server 2012, 2014, 2016, 2017, 2019, 2022

Common SQL Server Updates That Fail with 0x80070643:

  • KB5014354: Security Update for SQL Server 2017 RTM GDR
  • Cumulative Updates (CU): Monthly patches for SQL Server
  • Service Packs (SP): Major update rollups
  • GDR updates: General Distribution Release (critical security only)
  • On-Demand updates: Specific CVE patches

Why SQL Server Updates Fail Differently Than Regular Windows Updates:

  • Service dependencies: Must stop/start SQL services (Database Engine, Agent, Browser)
  • File locks: Running SQL instances lock .exe/.dll files preventing replacement
  • Database consistency: Updates must not corrupt active databases
  • .NET Framework: SQL Server heavily relies on .NET for installation scripts
  • Multiple instances: Updates must handle default and named instances
  • Complex permissions: Requires both Windows admin and SQL Server sysadmin rights

When Does Error 0x80070643 Occur?

  • Windows Update automatically downloading SQL patches (most common)
  • Manually installing .exe update from Microsoft Download Center
  • Applying cumulative updates via SSMS (SQL Server Management Studio)
  • During SQL Server service pack installation
  • When upgrading SQL Server editions (Express to Standard)

Method 1: Restart All SQL Server Services

SQL Server updates require services to be running but not actively processing. Restarting services resolves 40% of 0x80070643 errors.

Restarting SQL Server services to fix update error 0x80070643

Using SQL Server Configuration Manager (Recommended):

  1. Open SQL Server Configuration Manager:
    • Search "SQL Server Configuration Manager" in Start menu
    • Or run: SQLServerManager15.msc (SQL 2019), SQLServerManager14.msc (SQL 2017), etc.
  2. In left pane, click SQL Server Services
  3. Identify your SQL Server instance services:
    • SQL Server (MSSQLSERVER) - default instance Database Engine
    • SQL Server (InstanceName) - named instance
    • SQL Server Agent (MSSQLSERVER) - job scheduler
    • SQL Server Browser - instance discovery service
  4. Stop services in this order:
  5. Right-click SQL Server Agent → Stop
  6. Right-click SQL Server (MSSQLSERVER) → Stop
  7. Wait 10-15 seconds for services to fully stop
  8. Start services in reverse order:
  9. Right-click SQL Server (MSSQLSERVER) → Start
  10. Wait for "Running" status
  11. Right-click SQL Server Agent → Start
  12. Verify all services show "Running" status
  13. Leave Configuration Manager open
  14. Retry SQL Server update installation

Using Windows Services (services.msc):

  1. Press Windows + R, type services.msc, press Enter
  2. Find SQL Server services (look for "SQL Server" in Name column)
  3. Stop Agent first, then Database Engine
  4. Wait, then start Database Engine, then Agent

Using Command Prompt (Advanced):

  1. Open Command Prompt as Administrator
  2. Stop services:
    • net stop "SQL Server Agent (MSSQLSERVER)"
    • net stop "SQL Server (MSSQLSERVER)"
  3. Start services:
    • net start "SQL Server (MSSQLSERVER)"
    • net start "SQL Server Agent (MSSQLSERVER)"

For named instances: Replace MSSQLSERVER with your instance name (e.g., SQL Server (SQLEXPRESS))

Method 2: Repair Windows Installer Service

Corrupted Windows Installer prevents SQL Server MSI packages from installing. Repairing MSI service fixes installation engine.

Repairing Windows Installer service for SQL Server updates
  1. Open Command Prompt as Administrator
  2. Re-register Windows Installer:
  3. msiexec /unregister
  4. Wait 5 seconds
  5. msiexec /regserver
  6. Restart Windows Installer service:
  7. Press Windows + R, type services.msc
  8. Find Windows Installer service
  9. Right-click → Restart (or Start if stopped)
  10. Set Startup type to Manual (default)
  11. Clear MSI cache:
  12. Open Command Prompt as Admin
  13. Navigate to cache: cd %windir%\Installer
  14. Backup folder: xcopy /s Installer C:\InstallerBackup\
  15. Delete temp files: del /f /s /q *.tmp
  16. Restart computer
  17. Retry SQL Server update

Advanced: Fix Windows Installer Corruption:

  1. Download Microsoft Program Install and Uninstall Troubleshooter
  2. Run troubleshooter
  3. Select "Installing" option
  4. Follow prompts to repair Windows Installer

Method 3: Update or Repair .NET Framework

SQL Server updates use .NET Framework for installation scripts. Missing or corrupt .NET prevents updates from executing properly.

Updating .NET Framework for SQL Server update compatibility

Check Current .NET Framework Version:

  1. Open Command Prompt
  2. Run: reg query "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Release
  3. Note the "Release" number
  4. Compare to Microsoft's version table

Install Latest .NET Framework:

  1. Download .NET Framework 4.8 (latest stable)
  2. Run installer as Administrator
  3. Follow installation wizard
  4. Restart computer

Repair .NET Framework (If Already Installed):

  1. Download Microsoft .NET Framework Repair Tool
  2. Run NetFxRepairTool.exe as Administrator
  3. Click Next
  4. Accept license terms
  5. Click Next to start repair
  6. Tool repairs .NET installations (10-20 minutes)
  7. Restart computer
  8. Retry SQL Server update

SQL Server .NET Requirements by Version:

  • SQL Server 2022: .NET Framework 4.7.2 or higher
  • SQL Server 2019: .NET Framework 4.6 or higher
  • SQL Server 2017: .NET Framework 4.6 or higher
  • SQL Server 2016: .NET Framework 3.5 SP1 + 4.6
  • SQL Server 2014: .NET Framework 3.5 SP1 + 4.0

Method 4: Run Update with Full Administrator Rights

SQL Server updates require elevated permissions. UAC or restricted user accounts can block installation even when logged in as administrator.

Running SQL Server update with administrator rights

Disable UAC Temporarily:

  1. Search "UAC" or "User Account Control" in Start menu
  2. Click Change User Account Control settings
  3. Move slider to Never notify (bottom)
  4. Click OK
  5. Restart computer
  6. Install SQL Server update
  7. After update succeeds, re-enable UAC (move slider back up)

Run Update from Administrator Command Prompt:

  1. Download SQL Server update .exe (e.g., SQLServer2017-KB5014354-x64.exe)
  2. Open Command Prompt as Administrator
  3. Navigate to download folder: cd C:\Users\YourName\Downloads
  4. Run update with full permissions:
    • SQLServer2017-KB5014354-x64.exe /quiet /allinstances /IAcceptSQLServerLicenseTerms
    • /quiet = unattended installation
    • /allinstances = update all SQL instances
    • /IAcceptSQLServerLicenseTerms = auto-accept EULA
  5. Wait for installation (5-15 minutes)
  6. Check for error code in output

Verify SQL Server Account Permissions:

  1. Open SQL Server Configuration Manager
  2. Right-click SQL Server service → Properties
  3. Go to Log On tab
  4. Note service account (should be NT SERVICE\MSSQLSERVER or domain account with admin rights)
  5. Ensure account has "Log on as a service" right

Method 5: Remove Failed Update Remnants

Previous failed installation attempts leave partial files and registry keys that block new installations. Cleaning remnants allows fresh install.

Removing failed SQL Server update remnants
  1. Uninstall failed update via Programs:
  2. Press Windows + I → Apps → Installed apps
  3. Search for SQL Server update KB number (e.g., "KB5014354")
  4. If found, click three dots → Uninstall
  5. Follow uninstallation wizard
  6. Restart computer
  7. Check Windows Update history:
  8. Settings → Windows Update → Update history
  9. Find failed SQL Server update
  10. If shows "Failed to install," note details
  11. Clear Windows Update cache:
  12. Open Command Prompt as Admin
  13. Stop services:
    • net stop wuauserv
    • net stop bits
  14. Rename cache: ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
  15. Restart services:
    • net start wuauserv
    • net start bits
  16. Restart computer
  17. Retry SQL Server update installation

Method 6: Analyze SQL Server Setup Logs

SQL Server generates detailed setup logs that pinpoint exact failure cause. Reading logs reveals specific errors to address.

Analyzing SQL Server setup logs to diagnose update failures

Locate SQL Server Setup Logs:

  1. Navigate to: C:\Program Files\Microsoft SQL Server\{Version}\Setup Bootstrap\Log\
    • Replace {Version} with your SQL version (e.g., 150 for SQL 2019, 140 for SQL 2017)
    • Or search for most recent: C:\Program Files\Microsoft SQL Server\
  2. Find most recent timestamp folder (e.g., 20240112_153045)
  3. Open Summary.txt file
  4. Scroll to bottom, look for:
    • "Exit code (Decimal):" - if not 0, installation failed
    • "Exit message:" - describes failure reason
  5. Open Detail.txt for comprehensive log
  6. Search for "error" or "failed" (Ctrl+F)

Common Log Errors and Solutions:

"Service '{ServiceName}' could not be stopped"

  • SQL service hung or not responding
  • Solution: Force stop via Task Manager → Details → End sqlservr.exe process, retry update

"Access is denied" or "Permission denied"

  • Insufficient rights to modify SQL binaries
  • Solution: Run update as Admin, disable UAC (Method 4)

"Could not find file" or "Missing prerequisite"

  • Missing .NET Framework or Visual C++ Redistributables
  • Solution: Install .NET Framework 4.8 (Method 3), install Visual C++ 2015-2022

"Another installation is in progress"

  • Windows Installer locked by another process
  • Solution: Restart Windows Installer service (Method 2), restart computer

"Rollback complete"

  • Update started but failed mid-installation, changes reverted
  • Solution: Look earlier in log for actual error that triggered rollback

Method 7: Manual Installation Using Command-Line Parameters

Manual installation with verbose logging and specific parameters provides more control and better diagnostics than automatic Windows Update.

Manually installing SQL Server update with command-line
  1. Download update manually:
  2. Visit Microsoft Update Catalog
  3. Search for KB number (e.g., "KB5014354")
  4. Download appropriate version for your SQL Server (x64 most common)
  5. Extract and run with parameters:
  6. Open Command Prompt as Administrator
  7. Navigate to download folder
  8. Basic installation:
    • SQLServer2017-KB5014354-x64.exe /Action=Patch /AllInstances /IAcceptSQLServerLicenseTerms
  9. Installation with detailed logging:
    • SQLServer2017-KB5014354-x64.exe /Action=Patch /AllInstances /IAcceptSQLServerLicenseTerms /Log="C:\Temp\SQLUpdate.log"
  10. Installation for specific instance:
    • SQLServer2017-KB5014354-x64.exe /Action=Patch /InstanceName=MSSQLSERVER /IAcceptSQLServerLicenseTerms
    • Replace MSSQLSERVER with your instance name if different
  11. Monitor installation progress in Command Prompt
  12. Wait for "Exit code: 0" (success) or error code
  13. If error occurs, check log file at C:\Temp\SQLUpdate.log
  14. Verify update installation:
  15. Open SQL Server Management Studio (SSMS)
  16. Connect to SQL Server instance
  17. Run query: SELECT @@VERSION
  18. Check version number includes update (e.g., KB5014354)

Useful Command-Line Parameters:

  • /Action=Patch: Specifies patch installation (required)
  • /AllInstances: Updates all SQL instances on server
  • /InstanceName=Name: Updates specific instance only
  • /IAcceptSQLServerLicenseTerms: Accepts EULA (required for unattended install)
  • /Log="Path": Specifies custom log file location
  • /Quiet: Silent installation without UI
  • /SkipRules: Bypasses specific validation rules (use cautiously)

Additional Troubleshooting

Check SQL Server Version and Applicable Updates:

  1. Connect to SQL Server via SSMS
  2. Run: SELECT @@VERSION
  3. Note version number (e.g., 14.0.2037.2 = SQL Server 2017)
  4. Visit Microsoft SQL Server Build List
  5. Find your version, check if update is applicable
  6. Some updates only apply to specific service pack levels

Verify Disk Space:

  • SQL Server updates require 2-3x update file size in free space
  • Check C: drive has 10+ GB free
  • Check SQL Server data drive has adequate space
  • Temp folder (%TEMP%) needs 1-2 GB free

Check Antivirus Exclusions:

  • Add SQL Server installation folder to antivirus exclusions:
    • C:\Program Files\Microsoft SQL Server\
    • C:\Program Files (x86)\Microsoft SQL Server\
  • Exclude SQL data files (*.mdf, *.ldf, *.ndf)
  • Temporarily disable antivirus during update

Frequently Asked Questions

Q: Error 0x80070643 only happens with SQL Server updates, other Windows Updates work fine. Why?

A: SQL Server updates are more complex than standard Windows Updates, requiring coordination with database services, file locks, and .NET Framework—each introduces unique failure points. Specific to SQL: (1) Service dependencies—SQL Server Database Engine must be running but not processing active transactions during update; if service hung or locked database, update fails, (2) .NET Framework requirements—SQL updates use .NET for installation scripts; if .NET corrupted or wrong version, scripts fail with 0x80070643, (3) Multiple instances—server may have default + named instances; update must detect and patch all, failure on one instance fails entire update, (4) File locks—SQL executables (sqlservr.exe) locked by running service; unlike typical apps, stopping service via services.msc may not release locks if databases open—requires clean shutdown via SQL Configuration Manager. Solution order: Restart all SQL services via Configuration Manager (Method 1), update .NET Framework (Method 3), check setup logs for specific service/file causing failure (Method 6). Regular Windows Updates don't face these database-specific complexities.

Q: Can I just skip this SQL Server security update if it keeps failing? My database works fine without it.

A: Absolutely NOT recommended, especially for security updates. Skipping SQL Server security patches exposes critical risks: (1) Exploitable vulnerabilities—security updates patch CVEs (Common Vulnerabilities and Exposures) actively exploited by hackers; unpatched SQL Servers are prime ransomware targets (e.g., SQL injection, privilege escalation), (2) Compliance violations—PCI-DSS, HIPAA, SOX require systems be patched within 30 days; failing audits can result in fines or loss of certifications, (3) Data breach liability—if unpatched vulnerability leads to data breach, company faces legal liability and reputation damage, (4) Support issues—Microsoft Support may refuse to troubleshoot problems on outdated SQL versions. KB5014354 specifically addresses critical security vulnerabilities in SQL Server 2017 that allow remote code execution—missing this patch is severe security risk. If update won't install: Fix the underlying issue (Methods 1-7) rather than skip. If absolutely stuck, consider upgrading to newer SQL Server version or migrating to Azure SQL Database (always patched). Unpatched database server is ticking time bomb.

Q: I get 0x80070643 but SQL Server setup log says "Success." Confusing—what's actually happening?

A: Discrepancy between Windows Update reporting 0x80070643 but SQL setup log showing success indicates Windows Update wrapper failed, not SQL installation itself. Here's why: (1) Two-layer installation—Windows Update downloads .exe, extracts MSI, runs MSI installer; error can occur at wrapper layer even if MSI succeeds, (2) Return code translation—SQL installer returns custom exit codes; Windows Update may misinterpret non-zero informational codes as failures, (3) Post-install validation failure—SQL installs successfully but Windows Update's verification step (checking registry keys or version numbers) fails due to timing or registry delay. To verify actual status: (1) Open SSMS, connect to SQL Server, run SELECT @@VERSION—if version includes update KB number, update succeeded despite error, (2) Check C:\Program Files\Microsoft SQL Server\{Version}\Setup Bootstrap\Log\Summary.txt—if "Exit code (Decimal): 0", installation actually succeeded, (3) Check Windows Update history—if update shows "Failed" but SQL version updated, just hide update to stop retry: Settings → Windows Update → Advanced options → Optional updates → Hide. This false-positive 0x80070643 is annoying but harmless if SQL actually patched.

Q: After fixing 0x80070643 and installing update, SQL Server won't start. How do I recover?

A: Update succeeded but SQL Server startup failure post-update indicates compatibility issue or corrupted update: (1) Check SQL Server Error Log—navigate to C:\Program Files\Microsoft SQL Server\MSSQL{XX}.MSSQLSERVER\MSSQL\Log\, open ERRORLOG file (most recent), look for startup failure reason (e.g., "Database upgrade failed," "incompatible database version"), (2) Start SQL in minimal configuration mode (bypasses user databases): Open Command Prompt as Admin, run net start MSSQLSERVER /f /m (starts with minimal config and single-user mode), connect via SSMS with sysadmin account, run ALTER DATABASE [YourDB] SET OFFLINE; for problematic database, restart normally, (3) Uninstall update if causes persistent failure—Settings → Apps → find SQL update KB → Uninstall, restart, SQL should start on previous version, (4) Restore master database from backup if update corrupted system databases (advanced—requires backup), (5) Repair SQL Server installation—run SQL Server setup.exe, choose Repair, select failing instance, repair completes in 30-60 min. Prevention: Always backup databases before major updates: BACKUP DATABASE YourDB TO DISK='C:\Backup\YourDB.bak', backup master/msdb system databases.

Q: I have multiple SQL Server instances (MSSQLSERVER, SQLEXPRESS). Do I need to fix error separately for each?

A: No, but each instance's services must be managed individually, and updates should target all instances simultaneously: (1) Single update applies to all instances—when you install SQL Server update, it patches all detected instances on server (default + named); you don't install separately per instance, (2) Service management per instance—when restarting services (Method 1), restart EACH instance: net stop "SQL Server (MSSQLSERVER)", net stop "SQL Server (SQLEXPRESS)", then start both; hung service on any instance blocks update for all, (3) Command-line installation options—use /AllInstances parameter to patch all, or /InstanceName=SQLEXPRESS to target specific instance if one keeps failing, (4) Check logs per instance—each instance has separate setup log: C:\Program Files\Microsoft SQL Server\{Version}\Setup Bootstrap\Log\, find instance-specific entries. Best practice: Fix services for all instances (Method 1), run update with /AllInstances parameter (Method 7), verify each instance updated by connecting via SSMS and checking @@VERSION for each. If one instance fails but others succeed, manually install to failing instance only with /InstanceName parameter.