Has error 0x80070643 popped up in Windows? Here is how to get rid of it!

  • Microsoft revealed a vulnerability that allowed BitLocker encryption to be broken
  • Update KB5034441 fixes the problem but often fails with error 0x80070643
  • The cause is insufficient free space in the recovery partition

Microsoft released an update labeled KB5034441 in January 2024. It fixes a bug that allows attackers to bypass BitLocker encryption, so it is a serious issue that needs to be fixed. The bug affects the following systems: Windows 11 version 21H2, Windows 10 version 22H2, Windows 10 version 21H2 and Windows Server 2022. Unfortunately, when installing the update, users encountered error 0x80070643 and the installation did not complete.

Users who decided to skip the update only postponed the problem. Since this is a critical patch, it is downloaded every time the system checks for updates, and each attempt ends with the same error. After analysis, Microsoft identified a lack of space in the recovery partition as the culprit. The update process requires 250 MB of free space, and since the recovery partition cannot simply be wiped, Microsoft recommends enlarging it. After that, the update should install without any problems.

What update KB5034441 fixes

The update fixes a vulnerability identified as CVE-2024-20666. A successful attacker could bypass BitLocker Device Encryption on a system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

How to solve error 0x80070643

Initially, Microsoft promised to release a fix, but after a few months it gave up and left users to fend for themselves. It has, however, issued step-by-step instructions, so even non-technical users should be able to handle it. The fix is to enlarge the recovery partition so that it has enough free space.

Officially recommended procedure

Microsoft has published instructions on how to resize the recovery partition.

First, run PowerShell as administrator:

PS> reagentc /info
...
Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE

Windows RE status should be Enabled. Note the harddisk and partition values. Now enter the command to disable Windows RE:

PS> reagentc /disable

Shrink the operating system partition and prepare the drive for a new recovery partition. Run the DISKPART command:

PS> diskpart

The list disk command lists all disks. Use the sel disk command to select a disk, entering the harddisk number noted in the previous step as the disk number.

diskpart

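As a result, the system disk will be reduced by 250 MB. Next, select the existing recovery partition, using the partition number noted from reagentc /info (partition 4 in the example output above), and delete it:

sel part 4
delete partition override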

This deletes the existing recovery partition, so create a new one immediately. If your disk is of type GPT (there is a * character in the Gpt column of the list disk output), use these commands:

create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac
gpt attributes=0x8000000000000001

If the disk is of type MBR, the command will be as follows:

create partition primary id=27

The new area needs to be formatted:

format quick fs=ntfs label="Windows RE tools"

If your disk is of type MBR, enter this command as well:

set id=27

To check that changes have been made, you can enter:

list vol

Then close the DISKPART program:

exit

Now re-enable Windows RE:

reagentc /enable

and verify that everything is as it should be:

reagentc /info

Note: if the procedure fails or you decide to abort it yourself, be sure to re-enable Windows RE with the command reagentc /enable.

Script directly from Microsoft

Microsoft has prepared a PowerShell script that performs the whole process automatically. You can find it here, but just in case, make a backup before running it!

An alternative procedure

An alternative procedure that does not require partition resizing has already emerged on TechCommunity.

Notice

The procedure below is not officially recommended by Microsoft and we have not tried it; use it at your own risk. Don’t forget to back up your important data!

Run PowerShell as administrator and type the following command:

PS> reagentc /info
...
Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE

Windows RE status should be Enabled. Note the harddisk and partition values. Now enter the command to disable Windows RE:

PS> reagentc /disable

The Windows RE image should now have been moved from \Recovery\WindowsRE to C:\Windows\System32\Recovery. CAUTION, this is a potentially critical part of the procedure. Verify that the file has indeed been moved. If not, re-enable Windows RE with the command reagentc /enable and do not proceed further! Verify the existence of the moved file with the dir command and the -Force parameter:

PS> dir C:\Windows\System32\Recovery -Force

Directory: C:\Windows\System32\Recovery

Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 2/4/2024 3:37 AM 1139 ReAgent.xml
---hs- 8/6/2021 8:26 PM 440718104 Winre.wim

Now use the diskpart command to change the recovery partition type. Use the values noted in the previous step:

PS> diskpart

DISKPART> select disk 0
Disk 0 is now the selected disk.

DISKPART> select partition 4
Partition 4 is now the selected partition.

ATTENTION! Verify that you have set the correct partition. The selected partition is marked with an asterisk and should be of Recovery type.

DISKPART> list partition

  Partition ###  Type                 Size   Offset
  -------------  ----------------  -------  -------
  Partition 1    System             260 MB  1024 KB
  Partition 2    Reserved            16 MB   261 MB
  Partition 3    Primary            237 GB   277 MB
* Partition 4    Recovery           860 MB   237 GB

View details for review:

DISKPART> detail partition

Partition 4
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
Offset in Bytes: 255158386688
  Volume ###  Ltr  Label        Fs     Type           Size  Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         Windows RE   NTFS   Partition    860 MB  Healthy    Hidden

If the Type parameter is 27, it is an MBR type disk and you set the value to 7:

DISKPART> set id=7 override

If the value is de94bba4-06d1-4d40-a16a-bfd50179d6ac, this is a GPT type partition. Set the value ebd0a0a2-b9e5-4433-87c0-68b6b72699c7:

DISKPART> set id=ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 override

Verify that the changes have been committed:

DISKPART> list partition

  Partition ###  Type                 Size  Offset
  -------------  ----------------  -------  -------
  Partition 1    System             260 MB  1024 KB
  Partition 2    Reserved            16 MB   261 MB
  Partition 3    Primary            237 GB   277 MB
* Partition 4    Primary            860 MB   237 GB

Exit DISKPART:

DISKPART> exit

If a valid recovery partition is not available when Windows RE is re-enabled, reagentc will use C:\Recovery\WindowsRE as the recovery image location. If the WindowsRE directory already exists in C:\Recovery, rename it:

PS> dir C:\Recovery -Force

    Directory: C:\Recovery

Mode       LastWriteTime   Length   Name
----       -------------   ------   ----
d----  12/2/2020 8:57 PM            WindowsRE
d----  3/20/2022 3:10 AM            OEM
-a---  1/12/2021 4:35 AM     1139   ReAgentOld.xml

PS> ren C:\Recovery\WindowsRE WindowsRE.old -Force

Re-enable Windows RE and confirm that the location has changed. Here it has changed from partition4 to partition3, which in this case is the OS partition (C:\).

PS> reagentc /enable

PS> reagentc /info
Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition3\Recovery\WindowsRE

At this point, try using Windows Update. Regardless of success or failure, follow the steps below to revert the changes made above.

PS> reagentc /disable
PS> diskpart

  DISKPART> select disk 0
  DISKPART> select partition 4
  DISKPART> list partition

    Partition ###  Type                 Size  Offset
    -------------  ----------------  -------  -------
    Partition 1    System             260 MB  1024 KB
    Partition 2    Reserved            16 MB   261 MB
    Partition 3    Primary            237 GB   277 MB
  * Partition 4    Primary            860 MB   237 GB

For a GPT partition:
  DISKPART> set id=de94bba4-06d1-4d40-a16a-bfd50179d6ac override
For an MBR partition:
  DISKPART> set id=27 override

  DISKPART> list partition

    Partition ###  Type                 Size  Offset
    -------------  ----------------  -------  -------
    Partition 1    System             260 MB  1024 KB
    Partition 2    Reserved            16 MB   261 MB
    Partition 3    Primary            237 GB   277 MB
  * Partition 4    Recovery           860 MB   237 GB

  DISKPART> exit

PS> reagentc /enable
...
Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
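
A read-only pre-flight check for both procedures above, as an added example that is not Microsoft's script or part of the original article: it extracts the disk and partition numbers from reagentc /info output and confirms that the partition about to be selected in diskpart has the recovery type and is not the OS partition. The function names Get-WinRELocation and Test-WinREPartition are hypothetical; Get-Partition and Get-PartitionSupportedSize are the standard Storage module cmdlets.

```powershell
# Added example, not Microsoft's script. Read-only: it changes nothing on disk.
$RecoveryGpt = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'  # GPT recovery type shown above
$RecoveryMbr = 0x27                                       # MBR recovery id (27 hex)

function Get-WinRELocation {
    param([string[]]$ReagentcOutput)
    # Match the device path rather than the label, so localized output also parses.
    foreach ($line in $ReagentcOutput) {
        if ($line -match 'harddisk(\d+)\\partition(\d+)') {
            return [pscustomobject]@{
                DiskNumber      = [int]$Matches[1]
                PartitionNumber = [int]$Matches[2]
            }
        }
    }
    throw 'No harddiskN\partitionM path found; Windows RE is probably disabled.'
}

function Test-WinREPartition {
    param([int]$DiskNumber, [int]$PartitionNumber, [int]$NeededMB = 250)
    $re = Get-Partition -DiskNumber $DiskNumber -PartitionNumber $PartitionNumber
    $os = Get-Partition -DriveLetter ($env:SystemDrive.TrimEnd(':'))
    $range = Get-PartitionSupportedSize -DiskNumber $os.DiskNumber -PartitionNumber $os.PartitionNumber
    [pscustomobject]@{
        Target         = "disk $DiskNumber, partition $PartitionNumber"
        SizeMB         = [math]::Round($re.Size / 1MB)
        # Must be True before "delete partition override" or "set id=... override".
        IsRecoveryType = ($re.GptType -eq $RecoveryGpt) -or ($re.MbrType -eq $RecoveryMbr)
        # Must be False: the partition selected for deletion is never the OS volume.
        IsOsPartition  = ($re.DiskNumber -eq $os.DiskNumber) -and
                         ($re.PartitionNumber -eq $os.PartitionNumber)
        # True when the OS partition can give up the 250 MB the update needs.
        OsCanShrink    = ($os.Size - $range.SizeMin) -ge ($NeededMB * 1MB)
    }
}

# Constructed sample: the reagentc /info lines shown on this page (parses offline).
$sample = @(
    'Windows RE status: Enabled',
    'Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE'
)
Get-WinRELocation -ReagentcOutput $sample

# On the machine being repaired (elevated session), check the real layout:
#   $loc = Get-WinRELocation -ReagentcOutput (reagentc /info)
#   Test-WinREPartition -DiskNumber $loc.DiskNumber -PartitionNumber $loc.PartitionNumber
```

Run the live check while Windows RE is still enabled, since reagentc /info only reports a harddisk and partition path in that state.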

Are you experiencing error 0X80070643 with KB5034441?

Source: Microsoft

Source: www.svetandroida.cz