Windows 10 KB5034441 is still broken with 0x80070643 error

Windows 10 KB5034441 is so broken that Microsoft has been working “on a resolution” for more than four weeks and still doesn’t have a proper solution. KB5034441 is a mandatory update for people with a Recovery partition, but it won’t install on most hardware due to 0x80070643 error.

KB5034441 is a security update for Windows Recovery Environment (WinRE), enabled on systems with a recovery partition. This is an important release as it fixes a security issue that allows attackers to bypass Bitlocker’s encryption of other partitions by exploiting WinRe’s vulnerability.

It doesn’t matter whether your Windows installation is using BitLocker. As long as you have a recovery partition, KB5034441 will try to download and install automatically, but our tests revealed the security update would not install with an error message titled “0x80070643 – ERROR_INSTALL_FAILURE”.

This issue has been widely reported by users in our forums, including in the comments section of the previous article on Windows Update.

As you can see in the above screenshot, Windows updates are blocked with the “0x80070643 – ERROR_INSTALL_FAILURE” message, which means some users are unable to install the February 2024 update (KB5034763).

So what causes the patch titled “2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)” to repeatedly fail with a vague error message 0x80070643 – ERROR_INSTALL_FAILURE” and block other updates?

Microsoft officials told me the issue is strictly limited to PCs with low storage space on the recovery partition.

In a support document, Microsoft noted that the Windows Recovery security update needs at least 250 MB of free space in the recovery partition to install successfully:

• For Windows 10 v2004 or Windows Server 2022: You should have 50 MB of free space if the partition is smaller than 500 MB.
• For other versions, you should have more than 300 MB of free space when the partition is 500 MB or larger.
• When the partition is more than 1 GB, it must have at least 1 GB of free space.

Although Microsoft suggests increasing the partition size slightly, increasing this to 2 GB has proven more effective in our tests.

How to fix Windows 10 KB5034441 update issues by easily resizing the partition

1. Open Command Prompt as an administrator.
2. Type reagentc /info to find out if your computer has a special recovery area (WinRE) and where it is.
3. Type reagentc /disable to turn off this recovery area temporarily so you can adjust settings safely.
4. In Command Prompt, enter diskpart followed by list disk to see all your storage drives.
5. You must choose your Windows OS drive with sel disk and the drive number listed in the terminal.
6. After you run sel disk <OS disk index>, type list part to look at the partition’s sections. This lets you check the partition under the OS disk and find the OS partition.
7. Run the command: shrink desired=2000 minimum=2000
8. You can now select the WinRE partition with sel part <WinRE partition index>.
   
9. Note from the editor: If you are still confused, let me simplify it. As shown in the above example screenshot, first, we need to select partition 3 as the OS partition index. This step won’t erase your primary OS partition, part of a different partition created on the same volume as C: Disk. Once you have selected partition 3, follow the remaining instructions to complete the process for the OS primary partition. Next, select partition 4 as your WinRE partition. These partition numbers are specific to my system and can be different for your device.
10. After running the shrink command and selecting the WinRE partition with sel part <WinRE partition index>, you can now remove it safely with delete partition override.
11. Check if your drive uses GPT (newer) or MBR (older) format. Look for an asterisk (*) next to “Gpt” after typing list disk.
12. For GPT drives, set up a new section with create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac and then gpt attributes=0x8000000000000001.
13. For MBR, use create partition primary id=27
14. Get it ready by formatting: format quick fs=ntfs label=”Windows RE tools”
15. Review your setup with list vol.
16. Exit the storage organizer with exit.
17. Reactivate your recovery setup with reagentc /enable.
18. Confirm the new recovery location with reagentc /info.

We have noticed that the above process could fail for some people at the 17th step when they try to reactivate their Recovery Parititon with the “Windows RE image was not found” error. You can try to fix issues with WinRE activation by trying these steps:

1. First, grab the Windows 10 ISO file, and mount the ISO file to a drive. Head to Command Prompt (admin), and run the command: reagentc /disable
2. You can use md c:\WinMount command to create a new directory, which lets you mount your Windows installation file. To mount the image, run the following command:

   dism /mount-wim /wimfile:E:\Sources\install.wim /index:1 /mountdir:C:\WinMount /readonly

3. After mounting the image, we need to copy the recovery files from the fresh ISO image to your system with the following command.

   xcopy C:\WinMount\Windows\System32\Recovery\*.* C:\Windows\System32\Recovery /h

Once done, run the following command to set the recovery image path:

 reagentc /setreimage /path C:\Windows\System32\Recovery /target C:\Windows

Finally, you can return to the 17th step and run the command again: reagentc enable

Microsoft has also published a PowerShell script to fix the problem automatically, and you can grab it from our Discord server, but make sure you install the “Safe OS Dynamic Update” using the Microsoft Update Catalog before running the PowerShell script.