标题: Win10安装2024.1安全补丁KB5034441遭遇0x80070643错
创建: 2024-01-10 11:51 更新: 2024-01-16 12:01 链接: https://scz.617.cn/windows/202401101151.txt
目录:
☆ 背景介绍
☆ Windows补丁安装失败时排障措施
1) 用加密代理避免沿线网络设备干扰
2) Windows自带Troubleshooting功能
3) eventvwr.msc
4) Windows更新历史记录
5) Dbgview
6) setupact.log
☆ 探索「恢复分区」
1) 用diskpart分配盘符
2) 用mountvol分配盘符
3) 查看「恢复分区」中目录与文件
4) 无盘符时访问「恢复分区」
☆ 只适用于高级用户的解决方案
1) MBR分区表的补充说明
2) 找不到「恢复分区」
3) 查看当前WinRE版本信息
4) 升级成功后的setupact.log
5) 「恢复分区」剩余可用空间的限制
6) IDA逆向分析补丁安装包
7) 不扩容「恢复分区」的非官方解决方案
8) Win11的坑
9) DiskGenius的备忘
☆ reagentc命令详解
1) /boottore
2) Reagent.log
3) /disable
4) /enable
5) /setreimage
5.1) 默认/enable状态的ReAgent.xml
5.2) 默认/disable状态的ReAgent.xml
5.3) /setreimage修改ReAgent.xml
5.4) /setreimage后/enable日志
5.5) 用过/setreimage后回到默认状态
6) 将WinRE布署到VHDX文件中
7) 切换WinRE所在分区
8) KB5034441升级失败的另类解决方案
☆ dism命令详解
☆ 后记
☆ 参考资源
☆ 背景介绍
在Win10中安装2024.1安全补丁KB5034441时,有可能看到下列报错:
2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)
There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)
Retry
无论点击多少次Retry,都回到同一报错界面,有强迫症的可能受不了。Google搜索 "Win10 0x80070643",有一堆扯淡答复,一个也不要信。本文详解与之相关的技术细 节及只适用于高级用户的解决方案。
☆ Windows补丁安装失败时排障措施
1) 用加密代理避免沿线网络设备干扰
一般Windows升级过程中出错,优先考虑沿线网络设备干扰,可设置加密WinHTTP代理 (不是WinINET代理)尝试解决:
netsh.exe winhttp set proxy
这必须是加密HTTP代理,不能是加密SOCKS5代理。再就是修改DNS,使得解析回来的 目标服务器IP有变,情况可能会不同。
2) Windows自带Troubleshooting功能
排除网络问题之后,可尝试Windows自带的一项功能:
英文版 control->Troubleshooting->Fix problems with Windows Update 中文版 control->疑难解答->使用"Windows更新"解决问题
有许多Windows升级故障靠此可解决。
此次0x80070643错用前述所有排障措施均无效,必须另寻他法。
3) eventvwr.msc
eventvwr.msc中可看到此次补丁安装失败的日志,但未提供有效帮助。
4) Windows更新历史记录
可去下列位置查看补丁安装情况:
英文版 Settings->Update & Security->Windows Update->View update history 中文版 设置->更新和安全->Windows更新->查看更新历史记录
在上述位置提示安装KB5034441失败,有个链接指向该补丁的介绍:
KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024 https://support.microsoft.com/en-us/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8
其中有一段内容:
This update addresses a security vulnerability that could allow attackers to bypass BitLocker encryption by using Windows Recovery Environment (WinRE). Some computers might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. Because of an issue in the error code handling routine, you might receive the following error message instead of the expected error message when there is insufficient disk space:
0x80070643 - ERROR_INSTALL_FAILURE
意思是,KB5034441用于修复某个利用WinRE绕过BitLocker的安全漏洞,当「恢复分 区」空间太小时,可能导致KB5034441安装失败。由于另一个小问题,安装失败时并 未提示「恢复分区磁盘空间不足」,只提示0x80070643错。你就说,坑不坑吧。
5) Dbgview
2024-01-10 16:21 小钻风
小钻风用调试器调试KB5034441安装过程,发现有调试信息输出,在调试器中可见, 也可用Sysinternals的Dbgview接收这种调试信息。
DebugView->Capture Global Win32 (默认未选中)
在某台主机上看到:
[14208] Info: WinRE partition total space [586149888], free space [66940928], winre size [501321417], target WinRE size [542379489] [14208] Info: Free space requirement: [54525952] [14208] 0x80070032 in WinREAgent::Executor::ScheduleCommit (base\diagnosis\srt\winreagent\dll\executor.cpp:424): Could not schedule scenario operations [14208] 0x80070032 in WinREAgent::Executor::Stage (base\diagnosis\srt\winreagent\dll\executor.cpp:1030): Failed to schedule Commit [14208] 0x80070032 in WinREAgent::WinREServicingManager::Stage (base\diagnosis\srt\winreagent\dll\winreservicingmanager.cpp:485): Failed to stage WinRE servicing [14208] 0x800f0828 in wmain (base\diagnosis\srt\winreagent\tools\winreupdateinstaller\main.cpp:85): [WinREUpdInst] Failed to stage WinRE servicing operation due to insufficient disk space in WinRE partition
补丁安装包输出调试信息:
Failed to stage WinRE servicing operation due to insufficient disk space in WinRE partition
这个信息指向性明确,比GUI中0x80070643错误码强多了。这提醒我们,Windows升级 出错时,开Dbgview接收调试信息。
6) setupact.log
KB5034441安装过程中出现父子进程:
C:\Windows\SoftwareDistribution\Download\Install\WinREUpdateInstaller_2401B_amd64.exe C:\Windows\TEMP\IXP000.TMP\WinREUpdateInstaller.exe
14208是WinREUpdateInstaller.exe的PID,每次Retry会产生新的父子进程。我猜补 丁安装成功的话,前者会被删除,而后者本来就位于TEMP目录。假设在不断Retry阶 段,用Process Explorer查看WinREUpdateInstaller.exe进程,看到两个日志文件:
C:\Windows\Logs\WinREAgent\setupact.log C:\Windows\Logs\DISM\dism.log
Dbgview接收的调试信息同步出现在setupact.log中,可查看更早的升级日志。发现 2023年9月有一次WinRE升级失败,但当时GUI中全无显示。在setupact.log看到:
Current WinRE version: [10.0.19041.1] Update WinRE version: [10.0.19041.3083] Update WinRE version: [10.0.19041.3920]
3083那条试图升级WinRE,但失败了,当时日志未提「恢复分区」空间不够,不知具 体失败原因。
setupact.log中还出现过:
[wuauclt.exe] Enter WinReGetConfig [wuauclt.exe] Parameters: configWinDir: NULL [wuauclt.exe] WinRE config file path: C:\Windows\system32\Recovery\ReAgent.xml [wuauclt.exe] Update enhanced config info is enabled. [wuauclt.exe] WinRE is installed [wuauclt.exe] WinRE is installed at: \?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE [wuauclt.exe] System is WimBoot: FALSE [wuauclt.exe] WinRE image validated [wuauclt.exe] Exit WinReGetConfig return value: 1, last error: 0x0
☆ 探索「恢复分区」
1) 用diskpart分配盘符
2024-01-11 16:44 scz
diskmgmt.msc无法操作「恢复分区」,diskpart可给「恢复分区」分配盘符:
diskpart
list volume
select volume
之后在资源管理器中查看T盘,可以看分区容量、已用空间、可用空间、根目录等。
据小钻风说,OS重启后diskpart分配的盘符自动消失,无需手动删除。
2) 用mountvol分配盘符
除了用diskpart分配盘符,还可用mountvol分配盘符。如下命令显示所有卷(volume), 显示容量、盘符、卷ID:
$ powershell -Command "GWMI -namespace root\cimv2 -class win32_volume | FL -property Capacity, DriveLetter, DeviceID"
「恢复分区」默认没有盘符,可根据容量识别它,假设是:
Capacity : ... DriveLetter : DeviceID : \?\Volume{38a4136a-9e42-4f9f-b6f8-bc54c7781fdf}\
此时可用mountvol为该卷分配盘符,不是非用diskpart不可:
$ mountvol T:\ \?\Volume{38a4136a-9e42-4f9f-b6f8-bc54c7781fdf}\ $ dir /a /s T:\ $ mountvol T:\ /D
"/D"删除盘符。OS重启后mountvol分配的盘符仍在,需要手动删除。
3) 查看「恢复分区」中目录与文件
假设已给「恢复分区」分配盘符T
在管理员级cmd中执行:
$ dir /a /s T:\
Recovery\ WindowsRE\ boot.sdi ReAgent.xml winre.wim
就这么点东西,boot.sdi与ReAgent.xml都是布署WinRE时动态生成的,真正需要备份 的是winre.wim,空间都是它占的,几百兆,升级后该文件会增大。
$ dir /a /q T:\ 2024/01/11 13:35
Recovery目录的owner是"BUILTIN\Administrators"
$ icacls.exe T:\Recovery T:\Recovery BUILTIN\Administrators:(OI)(CI)(F)
管理员组可以读写Recovery目录,无需其他权限。
有人可能注意到演示操作在管理员级cmd中进行,为什么不在管理员级资源管理器中 操作?因为,不知从哪个版本Win10开始,想开一个管理员级资源管理器,非常困难, 不信你可以试试。参看:
《Win10开管理员级资源管理器》 https://scz.617.cn/windows/202401111737.txt
假设已经拥有管理员级资源管理器,则可正常浏览T盘。
4) 无盘符时访问「恢复分区」
即使没有盘符,也可用"卷ID"访问目标卷,在管理员级cmd中执行:
$ taskkill /f /im explorer.exe && pause && explorer /nouaccheck $ start \?\Volume{38a4136a-9e42-4f9f-b6f8-bc54c7781fdf}\
或在"Win-R"中输入"卷ID"回车亦可,即可在资源管理器中访问该卷,直接在资源管 理器地址栏输入"卷ID"不行。
☆ 只适用于高级用户的解决方案
参看
KB5028997: Instructions to manually resize your partition to install the WinRE update https://support.microsoft.com/en-us/topic/kb5028997-instructions-to-manually-resize-your-partition-to-install-the-winre-update-400faa27-9343-461c-ada9-24c8229763bf
非LTSB版Win10的「恢复分区」一般紧跟「OS分区」之后,在KB5034441出场前,大约 559MB。官方解决方案是,收缩「OS分区」、扩容「恢复分区」,多出250MB即可。官 方解决方案居然不要求离线处理分区,可在线热收缩「OS分区」、扩容「恢复分区」。 此操作属于高危操作,非专业人员不要自行处理,专业人员请认真阅读前述URL,谨 慎执行每一步。
开管理员级cmd,在其中执行后续命令:
查看「恢复分区」信息:
$ reagentc /info
Windows Recovery Environment (Windows RE) and system reset configuration Information:
Windows RE status: Enabled
Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
Boot Configuration Data (BCD) identifier: 56d54e6b-252a-11ee-b3ed-fd6deb5dfccd
「恢复分区」硬盘号0(harddisk0)、分区号4(partition4),后面用得上这些信息
禁用WinRE:
$ reagentc /disable
用Windows自带工具收缩、扩容分区:
$ diskpart
list disk
Disk ### Status Size Free Dyn Gpt
Disk 0 Online 128 GB 0 B *
select disk 0
这一步不要照抄,要选「恢复分区」所在硬盘,可根据"list disk"显示的硬盘大小 排除干扰。
list part
Partition ### Type Size Offset
Partition 1 System 100 MB 1024 KB Partition 2 Reserved 16 MB 101 MB Partition 3 Primary 127 GB 117 MB Partition 4 Recovery 559 MB 127 GB
上述显示表明,3号分区是「OS分区」,即C盘所在分区,4号分区是「恢复分区」
select partition 3
这一步不要照抄,要选「OS分区」
shrink desired=250 minimum=250
这一步收缩「OS分区」,收缩250MB,将来用于「恢复分区」
select partition 4
这一步不要照抄,要选「恢复分区」
查看旧「恢复分区」:
detail partition
Partition 4 Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac Hidden : Yes Required: Yes Attrib : 0X8000000000000001 Offset in Bytes: ...
Volume ### Ltr Label Fs Type Size Status Info
- Volume 3 Windows RE NTFS Partition 559 MB Healthy Hidden
注意Volume的序号与Partition的序号不是一回事,各论各的
删除旧「恢复分区」:
delete partition override
list disk
Disk ### Status Size Free Dyn Gpt
- Disk 0 Online 128 GB 810 MB *
上述显示表明硬盘分区表用的是"GUID Partition Table (GPT)",另一种是"Master Boot Record (MBR)"。现在常见GPT,少见MBR。
假设碰上GPT,执行:
create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac gpt attributes=0x8000000000000001
假设碰上MBR,执行:
create partition primary id=27
无论GPT、MBR,后续操作都一样
format quick fs=ntfs label="Windows RE Tools"
可不指定卷标(label),缺省为空
list vol
Volume ### Ltr Label Fs Type Size Status Info
Volume 0 D DVD-ROM 0 B No Media Volume 1 C NTFS Partition 127 GB Healthy Boot Volume 2 FAT32 Partition 100 MB Healthy System * Volume 4 Windows RE NTFS Partition 810 MB Healthy Hidden
这一步确认「恢复分区」已成功扩容至810MB
退出diskpart
exit
启用WinRE:
reagentc /enable
再次查看「恢复分区」信息:
reagentc /info
一旦「恢复分区」扩容成功,再次安装KB5034441,不再提示0x80070643错。整个过 程,无需重启OS,无需挂WinPE离线处理分区。
最后,再次提醒,高危操作,非专业人员不要自行处理。没碰上安装KB5034441遭遇 0x80070643错的,不涉及此坑,千万不要没事给自己找事啊。
1) MBR分区表的补充说明
2024-01-10 19:03 星宇
我没有MBR测试环境,只测试了GPT。网友「星宇」就MBR分区做了重要补充,如下:
假设是MBR分区,执行
create partition primary id=27 detail partition
看到的分区类型确实是27,接着执行
format quick fs=ntfs label="Windows RE Tools" detail partition
看到的分区类型已从27变成07,这种分区重启后OS会为之分配盘符,分区变成可见。 解决办法是,format之后重新修正分区类型:
set id=27 override
若是GPT情形的分区类型不正确,亦可手工修正:
set id="de94bba4-06d1-4d40-a16a-bfd50179d6ac" override
2) 找不到「恢复分区」
有些Windows不是标准安装而来,或有其他骚包操作,使得找不到「恢复分区」,可 参看下文尝试解决:
Veeam Agent - Windows recovery image file not found [2023-12-06] https://www.veeam.com/kb2685
这篇内容有不少冗余步骤,不必要,理解原理后可自己裁剪。注意到两条命令:
robocopy /MIR /XJ
/E copy subdirectories, including Empty ones. /PURGE delete dest files/dirs that no longer exist in source. /MIR MIRror a directory tree (equivalent to /E plus /PURGE) /XJ eXclude symbolic links (for both files and directories) and Junction points. /h Copies hidden and system files also.
3) 查看当前WinRE版本信息
$ reagentc /info | findstr /c:"Windows RE location" Windows RE location: \?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
$ dism /get-imageinfo /imagefile:\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE\winre.wim /index:1
...
Index : 1
Name : Microsoft Windows Recovery Environment (x64)
Description : Microsoft Windows Recovery Environment (x64)
Size : 2,457,661,956 bytes
WIM Bootable : No
Architecture : x64
Hal :
据此可确认KB5034441升级WinRE成功。
4) 升级成功后的setupact.log
C:\Windows\Logs\WinREAgent\setupact.log
这是某台主机扩容「恢复分区」后升级WinRE成功的日志
GetWinREVersion: Version [10.0.19041.3920] Update WinRE version: [10.0.19041.3920] Stage completes, schedule Commit execution Schedule Commit execution OS is Client WinRE partition total space [849342464], free space [351715328], winre size [479421404], target WinRE size [523051007] Free space requirement: [54525952] Selected [2] scenario to execute Check whether can execute Commit Free space on Target Volume is [108068290560] Estimated target OS disk space usage peak [0] WinRE servicing staged
5) 「恢复分区」剩余可用空间的限制
参看
BIOS/MBR-based hard drive partitions https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-biosmbr-based-hard-drive-partitions?view=windows-11
按上述微软官方文档的说法,要求「恢复分区」剩余可用空间最小52MB。
从Dbgview接收的调试信息可知「恢复分区」相关信息:
586149888 total 分区总容量 66940928 oldfree 旧剩余可用空间 501321417 oldwim 旧winre.wim大小 542379489 newwim 新winre.wim大小 54525952 minfree 新winre.wim安装完成后要求的最小剩余可用空间(52MB)
total-oldwim=84828471≠oldfree
该值并不等于oldfree,因为除了旧winre.wim,还有其他文件,NTFS文件系统本身也 消耗一些空间,oldfree实际等于"total-oldwim-other",必小于"total-oldwim"。
total-newwim=43770399≠newfree
若不扩容「恢复分区」,newfree必小于43770399,但minfree要求最小52MB,于是补 丁安装包输出调试信息:
Failed to stage WinRE servicing operation due to insufficient disk space in WinRE partition
6) IDA逆向分析补丁安装包
小钻风用IDA看了补丁安装包检查「剩余可用空间」的相关代码,令人唏嘘:
if ( TotalNumberOfFreeBytes.QuadPart <= newwim + 10MB ) { //
// 本例minfree是52MB // minfree = winreEstimateBufferNeededOnPartition(TotalNumberOfBytes.LowPart, v19, v20, v21, v5); PushButtonReset::Logging::Trace(0i64, L"Free space requirement: [%llu]", minfree); // // 微软在此收集遥测数据 // if ( a3 ) WinREAgent::TelemetrySession::TraceDataPoint( a3, (const unsigned __int16 )(minfree - oldwim + newwim + 10MB), L"UpdateInPartitionFreeSpaceReq", (minfree - oldwim + newwim + 10MB) & -(__int64)(oldwim < newwim)); if ( newwim <= oldwim || TotalNumberOfFreeBytes.QuadPart > minfree - oldwim + newwim + 10MB ) { // // 对应日志 // Selected [2] scenario to execute // a5 = 2; } else { // // 出现在调试信息中的错误代码 // Directory = 0x80070032; } } else { // // Selected [1] scenario to execute // *a5 = 1; }
7) 不扩容「恢复分区」的非官方解决方案
小钻风深入研究过,本次WinRE升级过程要求找到旧WinRE,且是合法有效的,然后增 量式升级。不存在「恢复分区」、「恢复分区」为空,这些情形都会导致升级失败。
他干了件骚操作,用"symbolic link"将旧winre.wim移出「恢复分区」,未扩容,然 后Retry,升级成功,这实际相当于"Selected [1] scenario to execute"。假设已 给「恢复分区」分配盘符T,在管理员级cmd中执行:
cd /d T:\Recovery\WindowsRE attrib -h -s winre.wim move winre.wim %TEMP%\ mklink winre.wim %TEMP%\winre.wim
执行完上述命令后,再次安装补丁,成功,最后删除临时文件:
del %TEMP%\winre.wim
骚操作的结果是,新winre.wim依旧写入「恢复分区」,绕过了对minfree的检查。我 猜newfree太小的话,可能会有问题,但minfree为52MB这种要求是保守要求。确认起 见,他"reagentc /boottore",重启进入WinRE,打开cmd无误。
关于"symbolic link",参看
《shortcut/hard link/junction point/symbolic link简介》 https://scz.617.cn/windows/201510151343.txt
8) Win11的坑
现在哭天喊地的大多是Win10用户,我没有Win11,只记录。
小钻风指出,Win11安装2024.1安全补丁时存在类似问题。KB5034440是Win11 21H2同 一漏洞(CVE-2024-20666)补丁编号。Win11 22H2/23H2的CVE-2024-20666漏洞补丁包 含在累积升级包中,仍然存在「恢复分区」更新失败的问题;不过这个失败不会导致 累积升级包更新失败,也未暴露在GUI界面上;要想按前述方案来解决问题,只能先 卸载累积升级包。下面是一组Win11日志:
WinRE partition total space [648015872], free space [89124864], winre size [540919850], target WinRE size [591982899] Free space requirement: [54525952] 0x80070032 in WinREAgent::Executor::ScheduleCommit (base\diagnosis\srt\winreagent\dll\executor.cpp:563): Could not schedule scenario operations 0x80070032 in WinREAgent::Executor::Stage (base\diagnosis\srt\winreagent\dll\executor.cpp:1249): Failed to schedule Commit 0x80070032 in WinREAgent::WinREServicingManager::Stage (base\diagnosis\srt\winreagent\dll\winreservicingmanager.cpp:669): Failed to stage WinRE servicing
9) DiskGenius的备忘
2024-01-12 21:59 ZYP
ZYP用DiskGenius 5.5.0.1488调整「OS分区」、「恢复分区」的大小,之后安装补丁 成功。但是,DG每调整一次分区大小,都会带来一次OS重启,会在其自带PE环境中执 行调整分区大小的真正操作,使得整个流程更重、更支离破碎。第一次重启他能理解, 毕竟是收缩「OS分区」,第二次重启他有点蒙,不太符合DG的调性,但确是如此。这 是他的实测结果,若无其他低级错误的话,DiskGenius就不如diskpart了,后者无需 重启OS。
但确有一些网友在本案例中用DG在线热操作成功,未要求重启。看来这事儿的影响因 素挺多,有可能要求重启,有可能不要求。
不考虑「恢复分区」的实际意义,只讨论一种技术可能性,ZYP提了个问题,有无可 能把WinRE搞到VHDX文件里?答案是肯定的,见后。
☆ reagentc命令详解
2024-01-12 15:03 scz
$ reagentc /?
Configures the Windows Recovery Environment (Windows RE) and system reset.
REAGENTC.EXE
The following commands can be specified:
/info - Displays Windows RE and system reset configuration information. /setreimage - Sets the location of the custom Windows RE image. /enable - Enables Windows RE. /disable - Disables Windows RE. /boottore - Configures the system to start Windows RE next time the system starts up. /setbootshelllink - Adds an entry to the Reset and Restore page in the boot menu.
For more information about these commands and their arguments, type
REAGENTC.EXE
Examples: REAGENTC.EXE /setreimage /? REAGENTC.EXE /disable /?
$ reagentc /disable /? Disables the local copy of the Windows Recovery Environment (Windows RE). This command can only be used from the running operating system.
Warning: Windows RE can help resolve startup problems; disabling it is not recommended.
REAGENTC.EXE /disable [/logpath
Example: REAGENTC.EXE /disable /logpath C:\Temp\Reagent.log
$ reagentc /enable /? Enables the local copy of the Windows Recovery Environment (Windows RE).
This command can be used from the running operating system without additional parameters, or from the Windows Preinstallation Environment (Windows PE) using the optional /osguid parameter.
REAGENTC.EXE /enable [/osguid
/osguid
/logpath
Example: REAGENTC.EXE /enable /logpath C:\Temp\Reagent.log REAGENTC.EXE /enable /osguid {00000000-0000-0000-0000-000000000000}
$ reagentc /setreimage /? Sets the location of the custom Windows Recovery Environment (Windows RE) image.
REAGENTC.EXE /setreimage /path
/path
Example: REAGENTC.EXE /setreimage /path r:\Recovery\WindowsRE /logpath C:\Temp\Reagent.log REAGENTC.EXE /setreimage /path r:\Recovery\WindowsRE /target C:\Windows
1) /boottore
$ reagentc /boottore
上述命令指定下次重启时自动进「高级启动模式」
2) Reagent.log
所有reagentc操作,默认记入日志:
C:\Windows\Logs\Reagent\Reagent.log
3) /disable
在C:\Windows\Logs\Reagent\Reagent.log中看到:
[ReAgentc.exe] -----Executing command line: reagentc /disable----- [ReAgentc.exe] ------------------------------------------------------ [ReAgentc.exe] Enter WinReUnInstall [ReAgentc.exe] Update enhanced config info is enabled. [ReAgentc.exe] WinRE is installed [ReAgentc.exe] winreCopyWIMBack moved WIM file from \?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE\ to C:\Windows\system32\Recovery\winre.wim successfully! [ReAgentc.exe] WinRE uninstall step 1 succeeded: copy WIM file back to its staging location [ReAgentc.exe] WinRE uninstall step 2 succeeded: update agent config for BCD id, install state, schedule operation. [ReAgentc.exe] The current Recovery BCD entry points to \Device\HarddiskVolume4[\Recovery\WindowsRE\winre.wim] [ReAgentc.exe] The WIM file being unregistered is \Device\HarddiskVolume4[\Recovery\WindowsRE\winre.wim] [ReAgentc.exe] Paths are the same, clearing Recovery BCD [ReAgentc.exe] Cleared recovery BCD successfully [ReAgentc.exe] WinRE uninstall step 3 succeeded: unregister winre.wim from recovery BCD. [ReAgentc.exe] WinRE uninstall step 4 succeeded: remove recovery related sequence from BCD. [ReAgentc.exe] WinRE uninstall step 5 completed with return value TRUE: remove validation task. [ReAgentc.exe] Exit WinReUnInstall returns 1 with last error: 0x0 [ReAgentc.exe] ------------------------------------------------------ [ReAgentc.exe] -----Exiting command line: reagentc /disable, Error: 0-----
默认状态下,/disable将位于「恢复分区」的winre.wim移动(不是复制)到:
C:\Windows\system32\Recovery\winre.wim
删除「恢复分区」的"Recovery\WindowsRE\"子目录,从BCD中删除WinRE。
4) /enable
在C:\Windows\Logs\Reagent\Reagent.log中看到:
[ReAgentc.exe] -----Executing command line: reagentc /enable----- [ReAgentc.exe] ------------------------------------------------------ [ReAgentc.exe] Enter WinRECheckGuid [ReAgentc.exe] Parameter: TargetOsGuid: : NULL [ReAgentc.exe] Exit WinRECheckGuid return error code: 0x0 [ReAgentc.exe] Enter WinReInstall [ReAgentc.exe] Parameter: ReInstallBecauseOfBitlocker: 0 [ReAgentc.exe] --Install on target OS step 1: collect info like partition list, loading reagent.xml, source winre.wim and partition [ReAgentc.exe] Enumerate and log all fixed partitions: [ReAgentc.exe] --Partition info-- ... [ReAgentc.exe] Get downlevel ReAgent config [ReAgentc.exe] Downlevel config file path: \Recovery\ReAgentOld.xml [ReAgentc.exe] Checking for downlevel WinRE installation. [ReAgentc.exe] First round search [ReAgentc.exe] Get ReAgent config [ReAgentc.exe] GetReAgentConfig Config file path: C:\Windows\system32\Recovery\ReAgent.xml [ReAgentc.exe] CheckRegKey test hook (SystemSetupInProgress) present and disabled [ReAgentc.exe] Update enhanced config info is enabled. [ReAgentc.exe] Failed to get recovery entries: 0xc0000225 [ReAgentc.exe] winreGetWinReGuid returning 0X490 [ReAgentc.exe] ReAgentConfig::ReadBcdAndUpdateEnhancedConfigInfo WinRE disabled, WinRE Guid could not be determined (0x490) [ReAgentc.exe] FindWinReSourceImageAndPartition No source winre.wim was specified. Checking for a staged winre.wim. [ReAgentc.exe] FindWinReSourceImageAndPartition using winre.wim from C:\Windows\system32\Recovery [ReAgentc.exe] --Install on target OS step 2: detect and fix if there is any issue for winre settings [ReAgentc.exe] DetectAndFixWinReIssues nothing to do because winre is not enabled. [ReAgentc.exe] --Install on target OS step 3: check if we can keep winre.wim in the same partition if it is staged. [ReAgentc.exe] --Install on target OS step 4: check if we can put winre.wim in other partitions or create one if needed. [ReAgentc.exe] CanPutWinREOnOtherPartitions WinRE is not staged. Searching for a suitable partition for WinRE. [ReAgentc.exe] Entering FindTargetPartition [ReAgentc.exe] RegLoadKey $OFFLINE$SYSTEM failed. Error: 0x522. [ReAgentc.exe] Not allowed to repartition the disk [ReAgentc.exe] Start looping through each partition and initialize os partition, recovery partition and system partition for MBR [ReAgentc.exe] Checking partition at offset 1048576, partition number: 1 [ReAgentc.exe] skip GPT Partition which type is not PARTITION_MSFT_RECOVERY_GUID [ReAgentc.exe] Checking partition at offset 136588558336, partition number: 4 [ReAgentc.exe] partition contains winre backup partition marker [ReAgentc.exe] NOTE: find existing WinRE partition and continue [ReAgentc.exe] Checking partition at offset 122683392, partition number: 3 [ReAgentc.exe] find OS partition [ReAgentc.exe] Complete looping through each partition [ReAgentc.exe] ----Search target partition option #1: try existing WinRE partition [ReAgentc.exe] MeetPartitionRequirements Partition details: {Offset: 136588558336, Free space: 834293760, Total space: 849342464} [ReAgentc.exe] MeetPartitionRequirements WinRE WIM size: 523051007 [ReAgentc.exe] MeetPartitionRequirements Required free space: 577576959 [ReAgentc.exe] Found target partition: use the existing WinRE partition, offset: 136588558336 [ReAgentc.exe] Exit FindTargetPartition returns with status code: 0x0 [ReAgentc.exe] --Install on target OS step 5: set WinRE settings and restore system to a good state when hitting any errors [ReAgentc.exe] Enter SetWinRESettings [ReAgentc.exe] RegLoadKey $OFFLINE$SYSTEM failed. Error: 0x522. [ReAgentc.exe] Copying WinRE from C:\Windows\system32\Recovery to staging location on \?\GLOBALROOT\device\harddisk0\partition4 [ReAgentc.exe] RegLoadKey $OFFLINE$SYSTEM failed. Error: 0x522. [ReAgentc.exe] Copied WinRE to staging location [ReAgentc.exe] Creating BCD entry [ReAgentc.exe] WinRE created BCD entry: : {56D54E6D-252A-11EE-B3ED-FD6DEB5DFCCD} [ReAgentc.exe] Moving Winre and boot.sdi from staging location to target [ReAgentc.exe] Moved Winre and boot.sdi from staging location to target [ReAgentc.exe] Updating reagent.xml [ReAgentc.exe] Set WinRE location path to: \Recovery\WindowsRE [ReAgentc.exe] Set recovery guid [ReAgentc.exe] Set scheduled operation: WinReNoOperation [ReAgentc.exe] Set OS build version: 19041.1.amd64fre.vb_release.191206-1406 [ReAgentc.exe] Set Wimboot state: 0 [ReAgentc.exe] Set install state to: enabled [ReAgentc.exe] Setting the recovery sequence for the target OS. ... [ReAgentc.exe] Creating backup of reagent.xml [ReAgentc.exe] Created backup of reagent.xml [ReAgentc.exe] Configuring the WinRE validation task. ... [ReAgentc.exe] Update enhanced config info is enabled. [ReAgentc.exe] WinRE is installed [ReAgentc.exe] Loading boot index 1 [ReAgentc.exe] winreValidateWimFile took 141 ms. [ReAgentc.exe] WinReValidateRecoveryWimInternal took 2266 ms. [ReAgentc.exe] Completed the WinRE validation task. ... [ReAgentc.exe] Storing disk info in NVRAM [ReAgentc.exe] GetFirmwareEnvironmentVariableW() = 0xcb [ReAgentc.exe] NVRAM update not necessary [ReAgentc.exe] Stored disk info in NVRAM [ReAgentc.exe] SetWinRESettings return with error code 0x0 [ReAgentc.exe] WinReInstallOnTargetOSInternal WinRE installation completed successfully. [ReAgentc.exe] Exit WinReInstall return value: 1, last error: 0x0 [ReAgentc.exe] Enter WinReSetConfig [ReAgentc.exe] Parameters: configWinDir: NULL [ReAgentc.exe] Update enhanced config info is enabled. [ReAgentc.exe] WinRE is installed [ReAgentc.exe] Exit WinReSetConfig return value: 1, last error: 0x0 [ReAgentc.exe] Clear non critical error when enabling auto repair [ReAgentc.exe] ------------------------------------------------------ [ReAgentc.exe] -----Exiting command line: reagentc /enable, Error: 0-----
/enable是/disable的逆操作,在「恢复分区」重建"Recovery\WindowsRE\"子目录, 将"C:\Windows\system32\Recovery\winre.wim"移动回「恢复分区」,在BCD中添加 WinRE。这说的是默认状态,非默认状态有变,后面细说。
5) /setreimage
做如下实验:
mountvol T:\ \?\Volume{38a4136a-9e42-4f9f-b6f8-bc54c7781fdf}\
dir /a /s T:\Recovery dir /a /s C:\Windows\system32\Recovery
reagentc /info notepad C:\Windows\system32\Recovery\ReAgent.xml
reagentc /disable reagentc /info notepad C:\Windows\system32\Recovery\ReAgent.xml
dir /a /s T:\Recovery dir /a /s C:\Windows\system32\Recovery
xcopy /h C:\Windows\system32\Recovery\winre.wim C:\temp
reagentc /setreimage /path C:\temp notepad C:\Windows\system32\Recovery\ReAgent.xml
reagentc /enable reagentc /info notepad C:\Windows\system32\Recovery\ReAgent.xml
dir /a /s T:\Recovery dir /a /s C:\Windows\system32\Recovery dir /a /s C:\Recovery dir /a /s C:\temp
reagentc /disable notepad C:\Windows\system32\Recovery\ReAgent.xml
dir /a /s T:\Recovery dir /a /s C:\Windows\system32\Recovery dir /a /s C:\Recovery dir /a /s C:\temp
mountvol T:\ /D
5.1) 默认/enable状态的ReAgent.xml
默认/enable状态的"C:\Windows\system32\Recovery\ReAgent.xml":
WinreLocation中指定WinRE所在;guid对应"Disk ID",diskpart的"detail disk"可 查;offset是「恢复分区」在硬盘中的偏移,"detail partition"可查。
InstallState为1表示/enable,为0表示/disable
默认/enable状态下列两个文件内容完全一样:
C:\Windows\system32\Recovery\ReAgent.xml T:\Recovery\WindowsRE\ReAgent.xml
5.2) 默认/disable状态的ReAgent.xml
默认/disable状态的"C:\Windows\system32\Recovery\ReAgent.xml":
WinreLocation被重置成无效值,InstallState由1变0。
假设已在默认/disable状态,现在/enable。由于ImageLocation无有效值,reagentc 会遍历各分区,根据分区类型选用第一个可用「恢复分区」。
5.3) /setreimage修改ReAgent.xml
xcopy /h C:\Windows\system32\Recovery\winre.wim C:\temp reagentc /setreimage /path C:\temp
/setreimage干什么呢?它实际只干一件事,修改如下文件:
C:\Windows\system32\Recovery\ReAgent.xml
可以不用/setreimage,纯手工修改ReAgent.xml,达成同样目的。必须在/disable状 态/setreimage,否则有错误提示。/path中必须存在winre.wim,否则有错误提示。
/setreimage后"C:\Windows\system32\Recovery\ReAgent.xml"如下:
WinreLocation仍为无效值,ImageLocation通过"guid+offset+path"指定备份目录, 这是备份winre.wim所在,不要求temp下有其他文件(比如boot.sdi、ReAgent.xml)。 InstallState仍为0,但WinREStaged由0变1。WinREStaged只有提示作用,改回0不影 响后续实际流程。
/setreimage之后/enable,将从temp取winre.wim;识别temp所在分区,无论该分区 本来是什么类型,哪怕是「OS分区」,都会将temp所在分区当成布署WinRE的目标分 区,在temp所在分区根目录创建"Recovery\WindowsRE\"子目录,将winre.wim从temp 移动至前述WindowsRE子目录;生成boot.sdi、ReAgent.xml,在BCD中添加WinRE。此 时/enable有点诡异,死活删除C:\Windows\system32\Recovery\winre.wim,按说跟 它无关了;这使得无论/path指向哪里,/enable成功后默认目录下必无winre.wim, 切莫将默认目录当成winre.wim备份所在。用Process Monitor看到:
ReAgentc.exe SetDispositionInformationEx C:\Windows\System32\Recovery\Winre.wim SUCCESS Flags: FILE_DISPOSITION_DELETE, FILE_DISPOSITION_POSIX_SEMANTICS, FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK
之后再次/disable,不用默认目录"C:\Windows\system32\Recovery"备份winre.wim, 而是用temp目录备份winre.wim,是移动式备份,非复制式备份。
做实验:
cd /d C:\temp reagentc /disable mkdir C:\Recovery\WindowsRE xcopy /h winre.wim C:\Recovery\WindowsRE reagentc /setreimage /path C:\Recovery\WindowsRE notepad C:\Windows\system32\Recovery\ReAgent.xml dir /a /s C:\Recovery
reagentc /enable dir /a /s C:\temp dir /a /s C:\Recovery dir /a /s C:\Windows\system32\Recovery
reagentc /disable dir /a /s C:\temp dir /a /s C:\Recovery dir /a /s C:\Windows\system32\Recovery
若/path指向"C:\Recovery\WindowsRE",winre.wim备份目录与目标目录重叠; /disable后其下仍有winre.wim,其余boot.sdi、ReAgent.xml被删除;/enable后其 下生成boot.sdi、ReAgent.xml。此行为模式是众多/setreimage介绍文章引发困扰与 歧义的根源所在,本质是备份目录与目标目录的关系。
5.4) /setreimage后/enable日志
notepad C:\Windows\Logs\Reagent\Reagent.log
[ReAgentc.exe] -----Executing command line: reagentc /enable----- [ReAgentc.exe] ------------------------------------------------------ [ReAgentc.exe] Enter WinRECheckGuid [ReAgentc.exe] Parameter: TargetOsGuid: : NULL [ReAgentc.exe] Exit WinRECheckGuid return error code: 0x0 [ReAgentc.exe] Enter WinReInstall [ReAgentc.exe] Parameter: ReInstallBecauseOfBitlocker: 0 [ReAgentc.exe] --Install on target OS step 1: collect info like partition list, loading reagent.xml, source winre.wim and partition [ReAgentc.exe] Enumerate and log all fixed partitions: [ReAgentc.exe] --Partition info-- ... [ReAgentc.exe] Get downlevel ReAgent config [ReAgentc.exe] Downlevel config file path: \Recovery\ReAgentOld.xml [ReAgentc.exe] Checking for downlevel WinRE installation. [ReAgentc.exe] First round search [ReAgentc.exe] Get ReAgent config [ReAgentc.exe] GetReAgentConfig Config file path: C:\Windows\system32\Recovery\ReAgent.xml [ReAgentc.exe] CheckRegKey test hook (SystemSetupInProgress) present and disabled [ReAgentc.exe] Update enhanced config info is enabled. [ReAgentc.exe] Failed to get recovery entries: 0xc0000225 [ReAgentc.exe] winreGetWinReGuid returning 0X490 [ReAgentc.exe] ReAgentConfig::ReadBcdAndUpdateEnhancedConfigInfo WinRE disabled, WinRE Guid could not be determined (0x490) [ReAgentc.exe] FindWinReSourceImageAndPartition No source winre.wim was specified. Checking for a staged winre.wim. [ReAgentc.exe] FindWinReSourceImageAndPartition using winre.wim from \?\GLOBALROOT\device\harddisk0\partition3\temp [ReAgentc.exe] --Install on target OS step 2: detect and fix if there is any issue for winre settings [ReAgentc.exe] DetectAndFixWinReIssues nothing to do because winre is not enabled. [ReAgentc.exe] --Install on target OS step 3: check if we can keep winre.wim in the same partition if it is staged. [ReAgentc.exe] CanKeepWinReOnSamePartitionIfStaged WinRE is staged. Checking that the staged partition is valid for WinRE. [ReAgentc.exe] MeetPartitionRequirements Partition details: {Offset: 122683392, Free space: 110836424704, Total space: 136465649664} [ReAgentc.exe] MeetPartitionRequirements WinRE WIM size: 523051007 [ReAgentc.exe] MeetPartitionRequirements Required free space: 356515840 [ReAgentc.exe] NOTE: Find target partition: source partition will used [ReAgentc.exe] --Install on target OS step 5: set WinRE settings and restore system to a good state when hitting any errors [ReAgentc.exe] Enter SetWinRESettings [ReAgentc.exe] RegLoadKey $OFFLINE$SYSTEM failed. Error: 0x522. [ReAgentc.exe] Copying WinRE from \?\GLOBALROOT\device\harddisk0\partition3\temp to staging location on \?\GLOBALROOT\device\harddisk0\partition3 [ReAgentc.exe] RegLoadKey $OFFLINE$SYSTEM failed. Error: 0x522. [ReAgentc.exe] Copied WinRE to staging location [ReAgentc.exe] Creating BCD entry [ReAgentc.exe] WinRE created BCD entry: : {FC5A3EEB-B113-11EE-A4AB-000C29B9BB01} [ReAgentc.exe] Moving Winre and boot.sdi from staging location to target [ReAgentc.exe] Moved Winre and boot.sdi from staging location to target [ReAgentc.exe] Updating reagent.xml [ReAgentc.exe] Set WinRE location path to: \Recovery\WindowsRE [ReAgentc.exe] Set recovery guid [ReAgentc.exe] Set scheduled operation: WinReNoOperation [ReAgentc.exe] Set OS build version: 19041.1.amd64fre.vb_release.191206-1406 [ReAgentc.exe] Set Wimboot state: 0 [ReAgentc.exe] Set install state to: enabled [ReAgentc.exe] Setting the recovery sequence for the target OS. ... [ReAgentc.exe] Creating backup of reagent.xml [ReAgentc.exe] Created backup of reagent.xml [ReAgentc.exe] Configuring the WinRE validation task. ... [ReAgentc.exe] Update enhanced config info is enabled. [ReAgentc.exe] WinRE is installed [ReAgentc.exe] Loading boot index 1 [ReAgentc.exe] winreValidateWimFile took 78 ms. [ReAgentc.exe] WinReValidateRecoveryWimInternal took 2281 ms. [ReAgentc.exe] Completed the WinRE validation task. ... [ReAgentc.exe] Storing disk info in NVRAM [ReAgentc.exe] GetFirmwareEnvironmentVariableW() = 0xcb [ReAgentc.exe] NVRAM update not necessary [ReAgentc.exe] Stored disk info in NVRAM [ReAgentc.exe] Deleting file C:\Windows\system32\Recovery\Winre.wim [ReAgentc.exe] SetWinRESettings return with error code 0x0 [ReAgentc.exe] WinReInstallOnTargetOSInternal WinRE installation completed successfully. [ReAgentc.exe] Exit WinReInstall return value: 1, last error: 0x0 [ReAgentc.exe] Enter WinReSetConfig [ReAgentc.exe] Parameters: configWinDir: NULL [ReAgentc.exe] Update enhanced config info is enabled. [ReAgentc.exe] WinRE is installed [ReAgentc.exe] Exit WinReSetConfig return value: 1, last error: 0x0 [ReAgentc.exe] Clear non critical error when enabling auto repair [ReAgentc.exe] ------------------------------------------------------ [ReAgentc.exe] -----Exiting command line: reagentc /enable, Error: 0-----
对比默认状态与用过/setreimage后的日志,默认状态搜索合适的「恢复分区」,非 默认状态时根据备份目录定位目标分区:
[ReAgentc.exe] CanPutWinREOnOtherPartitions WinRE is not staged. Searching for a suitable partition for WinRE. [ReAgentc.exe] Entering FindTargetPartition [ReAgentc.exe] Start looping through each partition and initialize os partition, recovery partition and system partition for MBR [ReAgentc.exe] skip GPT Partition which type is not PARTITION_MSFT_RECOVERY_GUID [ReAgentc.exe] NOTE: find existing WinRE partition and continue [ReAgentc.exe] ----Search target partition option #1: try existing WinRE partition [ReAgentc.exe] Found target partition: use the existing WinRE partition, offset: 136588558336 [ReAgentc.exe] Enter SetWinRESettings
[ReAgentc.exe] CanKeepWinReOnSamePartitionIfStaged WinRE is staged. Checking that the staged partition is valid for WinRE. [ReAgentc.exe] MeetPartitionRequirements Partition details: {Offset: 122683392, Free space: 110836424704, Total space: 136465649664} [ReAgentc.exe] NOTE: Find target partition: source partition will used [ReAgentc.exe] Enter SetWinRESettings
5.5) 用过/setreimage后回到默认状态
一旦用过/setreimage,再想回到默认状态,只能手工编辑:
C:\Windows\system32\Recovery\ReAgent.xml
使之内容同默认/disable状态的ReAgent.xml,WinreLocation、ImageLocation为无 效值,InstallState、WinREStaged为0。并确保存在:
C:\Windows\system32\Recovery\winre.wim
然后/enable回到默认状态。无法靠/setreimage回到默认状态,如下命令"并不会"回 到默认状态:
reagentc /setreimage /path C:\Windows\system32\Recovery
这仍将进入备份目录与目标目录的状态。
6) 将WinRE布署到VHDX文件中
不考虑实际意义,只讨论技术可能性。
用diskmgmt.msc创建800MB的WinRE.vhdx,GPT/NTFS,分配盘符V。diskpart也可加载 VHDX文件:
diskpart
select vdisk file=C:\temp\WinRE.vhdx
attach vdisk
list vdisk
list disk
list volume
select volume
假设现在是默认/enable状态,原「恢复分区」分配盘符T。
reagentc /disable mkdir V:\Recovery\WindowsRE xcopy /h C:\Windows\system32\Recovery\winre.wim V:\Recovery\WindowsRE reagentc /setreimage /path V:\Recovery\WindowsRE reagentc /enable reagentc /info dir /a /s V:\Recovery dir /a /s C:\Windows\system32\Recovery
notepad C:\Windows\system32\Recovery\ReAgent.xml
notepad V:\Recovery\WindowsRE\ReAgent.xml
改两个ReAgent.xml是冗余步骤,可以不改;但改之后,/disable时有默认状态的效 果。这样干过之后,WinRE.vhdx已可用作WinRE。若有强迫症,可进一步冗余操作:
diskpart
选中V盘所在分区
gpt attributes=0x8000000000000001 set id="de94bba4-06d1-4d40-a16a-bfd50179d6ac" override
选中T盘所在分区
gpt attributes=0x0000000000000000 set id="ebd0a0a2-b9e5-4433-87c0-68b6b72699c7" override
实际测试WinRE.vhdx用作WinRE之前,为避免误判,索性格式化T盘,确保原「恢复分 区」已废。确保不存在"C:\Recovery":
attrib -h -s C:\Recovery rd /s /q C:\Recovery dir /a /s C:\Recovery
删除V盘符:
mountvol V:\ /D
查看当前WinRE版本信息:
reagentc /info | findstr /c:"Windows RE location" dism /get-imageinfo /imagefile:\?\GLOBALROOT\device\harddisk1\partition2\Recovery\WindowsRE\winre.wim /index:1
最后按住Shift重启,进WinRE实测,没有问题。进WinRE时会自动加载VHDX文件,可 在WinRE中用diskpart确认:
diskpart list vdisk list disk list volume
可能靠BCD传递信息。但重启进正常系统时,不会自动加载VHDX文件,/info给了不同 寻常的显示:
$ reagentc /info
Windows RE status: Disabled
Windows RE location:
Boot Configuration Data (BCD) identifier: 793df6d9-b382-11ee-a4b0-000c29b9bb01
Recovery image location:
Recovery image index: 0
Custom image location:
Custom image index: 0
显示WinRE禁用中,"Windows RE location"为空,但BCD是有效值,常规/disable状 态BCD是无效值(全零)。需要手工加载VHDX文件,/info就会给正确信息了。
假设已加载VHDX文件,再次/disable,会备份到:
C:\Windows\system32\Recovery\winre.wim
这是默认状态的效果。再次/enable:
del C:\Windows\Logs\Reagent\Reagent.log reagentc /enable reagentc /info dir /a /s C:\Recovery dir /a /s C:\Windows\system32\Recovery notepad C:\Windows\system32\Recovery\ReAgent.xml notepad C:\Windows\Logs\Reagent\Reagent.log
从日志中清楚地看出,再次/enable时目标分区不是原V盘所在分区,目标分区是C盘 所在分区,因为在物理硬盘中未找到「恢复分区」,来了个保底操作。
[ReAgentc.exe] -----Executing command line: reagentc /enable----- [ReAgentc.exe] ------------------------------------------------------ [ReAgentc.exe] Enter WinRECheckGuid [ReAgentc.exe] Parameter: TargetOsGuid: : NULL [ReAgentc.exe] Exit WinRECheckGuid return error code: 0x0 [ReAgentc.exe] Enter WinReInstall [ReAgentc.exe] Parameter: ReInstallBecauseOfBitlocker: 0 [ReAgentc.exe] --Install on target OS step 1: collect info like partition list, loading reagent.xml, source winre.wim and partition [ReAgentc.exe] Enumerate and log all fixed partitions: [ReAgentc.exe] --Partition info-- [ReAgentc.exe] VolumeName: \?\Volume{9e7ed59b-1112-48f0-874f-c32174736633}, PartitionName: \?\GLOBALROOT\device\harddisk0\partition1 [ReAgentc.exe] Partition number: 1, offset: 1048576, free space: 72815616, total space: 100663296 [ReAgentc.exe] DiskNumber:0, DiskSignature:0, NTFS:0, Mbr:0, Active:0, Boot:0, BitlockerEnabled:0 [ReAgentc.exe] GPT partition GUID:: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B} [ReAgentc.exe] DiskId: {07933C59-6224-429B-AEFE-42FF5C380F73} [ReAgentc.exe] --Partition info-- [ReAgentc.exe] VolumeName: \?\Volume{6303ec97-2d4c-4882-9ff4-65da10456c70}, PartitionName: \?\GLOBALROOT\device\harddisk1\partition2 [ReAgentc.exe] Partition number: 2, offset: 16777216, free space: 804982784, total space: 819982336 [ReAgentc.exe] DiskNumber:1, DiskSignature:0, NTFS:1, Mbr:0, Active:0, Boot:0, BitlockerEnabled:0 [ReAgentc.exe] GPT partition GUID:: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC} [ReAgentc.exe] DiskId: {4F4FDACC-26E8-4CD3-A87F-CEFC78AEFE55}
上面是V盘
[ReAgentc.exe] --Partition info-- [ReAgentc.exe] VolumeName: \?\Volume{38a4136a-9e42-4f9f-b6f8-bc54c7781fdf}, PartitionName: \?\GLOBALROOT\device\harddisk0\partition4 [ReAgentc.exe] Partition number: 4, offset: 136588558336, free space: 834293760, total space: 849342464 [ReAgentc.exe] DiskNumber:0, DiskSignature:0, NTFS:1, Mbr:0, Active:0, Boot:0, BitlockerEnabled:0 [ReAgentc.exe] GPT partition GUID:: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7} [ReAgentc.exe] DiskId: {07933C59-6224-429B-AEFE-42FF5C380F73}
上面是T盘
[ReAgentc.exe] --Partition info-- [ReAgentc.exe] VolumeName: \?\Volume{8aba082b-fbdd-4116-8a5a-57c4aec3bb8a}, PartitionName: \?\GLOBALROOT\device\harddisk0\partition3 [ReAgentc.exe] Partition number: 3, offset: 122683392, free space: 110135820288, total space: 136465649664 [ReAgentc.exe] DiskNumber:0, DiskSignature:0, NTFS:1, Mbr:0, Active:0, Boot:1, BitlockerEnabled:0 [ReAgentc.exe] GPT partition GUID:: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7} [ReAgentc.exe] DiskId: {07933C59-6224-429B-AEFE-42FF5C380F73}
上面是C盘
[ReAgentc.exe] Get downlevel ReAgent config [ReAgentc.exe] Downlevel config file path: \Recovery\ReAgentOld.xml [ReAgentc.exe] Checking for downlevel WinRE installation. [ReAgentc.exe] read xml file (\Recovery\ReAgentOld.xml) failed: 0x3 [ReAgentc.exe] ReAgentXMLParser::ParseConfigFile failed to read config xml file (0x3) in file base\diagnosis\srt\reagent2\reinfo\parser_2.0.cpp line 784 [ReAgentc.exe] ReAgentXMLParser::ParseConfigFile (xml file: \Recovery\ReAgentOld.xml) returning 0x3 [ReAgentc.exe] ReAgentConfig::ParseConfigFile returned with 0x3 [ReAgentc.exe] ReAgentConfig::Init failed to init reagent xml parser (0x3) in file base\diagnosis\srt\reagent2\reinfo\parser_2.0.cpp line 1921 [ReAgentc.exe] Ignore the error 3 in function GetDownlevelReAgentConfig [ReAgentc.exe] First round search [ReAgentc.exe] Get ReAgent config [ReAgentc.exe] GetReAgentConfig Config file path: C:\Windows\system32\Recovery\ReAgent.xml [ReAgentc.exe] CheckRegKey test hook (SystemSetupInProgress) present and disabled [ReAgentc.exe] Update enhanced config info is enabled. [ReAgentc.exe] Failed to get recovery entries: 0xc0000225 [ReAgentc.exe] winreGetWinReGuid returning 0X490 [ReAgentc.exe] ReAgentConfig::ReadBcdAndUpdateEnhancedConfigInfo WinRE disabled, WinRE Guid could not be determined (0x490) [ReAgentc.exe] FindWinReSourceImageAndPartition No source winre.wim was specified. Checking for a staged winre.wim. [ReAgentc.exe] FindWinReSourceImageAndPartition using winre.wim from C:\Windows\system32\Recovery [ReAgentc.exe] --Install on target OS step 2: detect and fix if there is any issue for winre settings [ReAgentc.exe] DetectAndFixWinReIssues nothing to do because winre is not enabled. [ReAgentc.exe] --Install on target OS step 3: check if we can keep winre.wim in the same partition if it is staged. [ReAgentc.exe] --Install on target OS step 4: check if we can put winre.wim in other partitions or create one if needed. [ReAgentc.exe] CanPutWinREOnOtherPartitions WinRE is not staged. Searching for a suitable partition for WinRE. [ReAgentc.exe] Entering FindTargetPartition [ReAgentc.exe] RegLoadKey $OFFLINE$SYSTEM failed. Error: 0x522. [ReAgentc.exe] Not allowed to repartition the disk [ReAgentc.exe] Start looping through each partition and initialize os partition, recovery partition and system partition for MBR [ReAgentc.exe] Checking partition at offset 1048576, partition number: 1 [ReAgentc.exe] skip GPT Partition which type is not PARTITION_MSFT_RECOVERY_GUID [ReAgentc.exe] Checking partition at offset 16777216, partition number: 2 [ReAgentc.exe] skip partition because it is not on the same disk as staging partition [ReAgentc.exe] Checking partition at offset 136588558336, partition number: 4 [ReAgentc.exe] skip GPT Partition which type is not PARTITION_MSFT_RECOVERY_GUID [ReAgentc.exe] Checking partition at offset 122683392, partition number: 3 [ReAgentc.exe] find OS partition [ReAgentc.exe] Complete looping through each partition [ReAgentc.exe] ----Search target partition option #1: try existing WinRE partition [ReAgentc.exe] ----Search target partition option #2: try first recovery partition [ReAgentc.exe] ----Search target partition option #3: try system partition for MBR [ReAgentc.exe] ----Search target partition option #4: try new recovery partition if allowed [ReAgentc.exe] ----Search target partition option #5: try target OS partition
只在物理harddisk0中找「恢复分区」,不在虚拟harddisk1中找「恢复分区」,未找 到时,征用「OS分区」,将WinRE布署至"C:\Recovery\WindowsRE"。
[ReAgentc.exe] MeetPartitionRequirements Partition details: {Offset: 122683392, Free space: 110135820288, Total space: 136465649664} [ReAgentc.exe] MeetPartitionRequirements WinRE WIM size: 523051007 [ReAgentc.exe] MeetPartitionRequirements Required free space: 356515840 [ReAgentc.exe] Found target partition: use target OS partition, offset: 122683392 [ReAgentc.exe] Exit FindTargetPartition returns with status code: 0x0 [ReAgentc.exe] --Install on target OS step 5: set WinRE settings and restore system to a good state when hitting any errors [ReAgentc.exe] Enter SetWinRESettings [ReAgentc.exe] RegLoadKey $OFFLINE$SYSTEM failed. Error: 0x522. [ReAgentc.exe] Copying WinRE from C:\Windows\system32\Recovery to staging location on \?\GLOBALROOT\device\harddisk0\partition3 [ReAgentc.exe] RegLoadKey $OFFLINE$SYSTEM failed. Error: 0x522. [ReAgentc.exe] Copied WinRE to staging location [ReAgentc.exe] Creating BCD entry [ReAgentc.exe] WinRE created BCD entry: : {3C581637-B376-11EE-A4AE-000C29B9BB01} [ReAgentc.exe] Moving Winre and boot.sdi from staging location to target [ReAgentc.exe] Moved Winre and boot.sdi from staging location to target [ReAgentc.exe] Updating reagent.xml [ReAgentc.exe] Set WinRE location path to: \Recovery\WindowsRE [ReAgentc.exe] Set recovery guid [ReAgentc.exe] Set scheduled operation: WinReNoOperation [ReAgentc.exe] Set OS build version: 19041.1.amd64fre.vb_release.191206-1406 [ReAgentc.exe] Set Wimboot state: 0 [ReAgentc.exe] Set install state to: enabled [ReAgentc.exe] Setting the recovery sequence for the target OS. ... [ReAgentc.exe] WinRE is installed [ReAgentc.exe] Exit WinReSetConfig return value: 1, last error: 0x0 [ReAgentc.exe] Clear non critical error when enabling auto repair [ReAgentc.exe] ------------------------------------------------------ [ReAgentc.exe] -----Exiting command line: reagentc /enable, Error: 0-----
将WinRE布署到VHDX文件中,希望/disable后/enable可继续使用VHDX文件,为达此目 的,不能追求默认状态效果;只能用/setreimage,只能让ImageLocation指向虚拟分 区备份目录,不得为无效值。
7) 切换WinRE所在分区
清晰起见,小结一下前述各种实验结果。先约定一些名词:
日志 C:\Windows\Logs\Reagent\Reagent.log 配置文件 C:\Windows\system32\Recovery\ReAgent.xml
备份目录 /disable时用于备份winre.wim,即ReAgent.xml中ImageLocation
备份分区 备份目录所在分区,靠ImageLocation的"guid+offset"确定
目标目录 /enable时用于布署winre.wim,即ReAgent.xml中WinreLocation
目标分区 目标目录所在分区,靠WinreLocation的"guid+offset"确定
WinreLocation的"guid+offset"可变,path固定为"\Recovery\WindowsRE"
ImageLocation有两种情况,据此定义两种状态:
非默认状态 ImageLocation为有效值
为退出非默认状态、返回默认状态,必须手工编辑ReAgent.xml
默认状态 ImageLocation为无效值
默认状态备份目录固定为"C:\Windows\system32\Recovery"
两种状态确定目标分区(WinRE所在分区)的方式不同:
非默认状态 备份分区即目标分区,备份目录、目标目录可同可不同 ImageLocation出现有效值,即同时指定备份分区、目标分区
默认状态 在物理硬盘中根据分区类型找「恢复分区」用作目标分区 若未找到「恢复分区」,将「OS分区」用作目标分区(一般是C盘)
切换WinRE所在分区最简方案是用/setreimage。既想切换WinRE所在分区,又想保持 默认状态,非高级用户不要尝试。
8) KB5034441升级失败的另类解决方案
至此,对于无洁癖用户,KB5034441升级失败的解决方案就多了,大不了用C盘呗。不 考虑各种排列组合,只考虑常见默认情形,"reagentc /info"表明已有「恢复分区」, 但KB5034441升级失败,又不想或不便扩容「恢复分区」,怎么办?
在管理员级cmd中执行:
reagentc /info | findstr /c:"Windows RE location" (记下硬盘号、分区号) reagentc /disable dir /a /s C:\Windows\system32\Recovery
确保winre.wim位于默认备份目录。接下来,只要废掉原「恢复分区」,就会自动征 用C盘,不必手动准备目标目录。可用diskpart废掉原「恢复分区」,比如删除原「 恢复分区」,或者修改原「恢复分区」的类型。假设是GPT分区表,以后者举例:
diskpart select disk 0 (不要照抄,要对应「恢复分区」所在硬盘) select partition 4 (不要照抄,要对应「恢复分区」) gpt attributes=0x0000000000000000 set id="ebd0a0a2-b9e5-4433-87c0-68b6b72699c7" override exit
若是MBR分区表
set id=07 override
接下来
reagentc /enable dir /a /s C:\Windows\system32\Recovery dir /a /s C:\Recovery
之后再次安装KB5034441,升级成功。整个过程无需Win10原始安装盘。
若初始一刻干脆没有「恢复分区」,也未用"C:\Recovery\WindowsRE",若看懂本文, 自有解决之道,若未看懂,这儿也不展开了,排列组合太多,大家领会精神。
考虑到WinRE的重要性、可用性,非独立物理「恢复分区」的各种解决之道,均不可 取,洁癖用户勿用这些歪招。
☆ dism命令详解
后面介绍用dism查看wim文件。
/get-wiminfo Displays information about images in a WIM file. /get-imageinfo Displays information about images in a WIM, a VHD or a FFU file. /list-image Displays a list of the files and folders in a specified image. /mount-wim Mounts an image from a WIM file. /mount-image Mounts an image from a WIM or VHD file.
dism /get-wiminfo /wimfile:some.wim /index:1 dism /get-imageinfo /imagefile:some.wim /index:1 dism /list-image /imagefile:some.wim /index:1 | more
mkdir some dism /mount-wim /wimfile:some.wim /index:1 /mountdir:some /readonly /ea (只读操作) dism /unmount-wim /mountdir:some /discard
dism /mount-wim /wimfile:some.wim /index:1 /mountdir:some /ea (读写操作) dism /unmount-wim /mountdir:some /commit /ea
dism /mount-image /imagefile:some.wim /index:1 /mountdir:some /readonly /optimize /checkintegrity (只读操作) dism /unmount-image /mountdir:some /discard
dism /mount-image /imagefile:some.wim /index:1 /mountdir:some /optimize /checkintegrity (读写操作) dism /unmount-image /mountdir:some /commit /checkintegrity
☆ 后记
关于KB5034441的幺蛾子,有太多野鸡式扯淡解决方案,每一种升级成功背后都有个 合理的解释,但这些野鸡式扯淡并未给出正确解释,算是秃驴(佛)系升级成功吧。
我猜微软要就此出个新补丁,受影响个体太多了。
☆ 参考资源
[1] KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024 https://support.microsoft.com/en-us/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8 https://support.microsoft.com/zh-cn/topic/kb5034441-适用于-windows-10-版本-21h2-和-22h2-的-windows-恢复环境更新-2024-年-1-月-9-日-62c04204-aaa5-4fee-a02a-2fdea17075a8 https://support.microsoft.com/help/5034441
KB5028997: Instructions to manually resize your partition to install the WinRE update
https://support.microsoft.com/en-us/topic/kb5028997-instructions-to-manually-resize-your-partition-to-install-the-winre-update-400faa27-9343-461c-ada9-24c8229763bf
https://support.microsoft.com/zh-cn/topic/kb5028997-手动调整分区大小以安装-winre-更新的说明-400faa27-9343-461c-ada9-24c8229763bf
https://support.microsoft.com/help/5028997
KB5034440: Windows Recovery Environment update for Windows 11, version 21H2: January 9, 2024
https://support.microsoft.com/en-us/topic/kb5034440-windows-recovery-environment-update-for-windows-11-version-21h2-january-9-2024-1e07724a-3547-40f5-99ff-862cc48fd523
https://support.microsoft.com/zh-cn/topic/kb5034440-适用于-windows-11-版本-21h2-的-windows-恢复环境更新-2024-年-1-月-9-日-1e07724a-3547-40f5-99ff-862cc48fd523
https://support.microsoft.com/help/5034440
KB5034439: Windows Recovery Environment update for Azure Stack HCI, version 22H2 and Windows Server 2022: January 9, 2024
https://support.microsoft.com/en-us/topic/kb5034439-windows-recovery-environment-update-for-azure-stack-hci-version-22h2-and-windows-server-2022-january-9-2024-6f9d26e6-784c-4503-a3c6-0beedda443ca
https://support.microsoft.com/help/5034439
[2] BIOS/MBR-based hard drive partitions https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-biosmbr-based-hard-drive-partitions?view=windows-11
[3] Veeam Agent - Windows recovery image file not found [2023-12-06] https://www.veeam.com/kb2685 https://web.archive.org/save/https://www.veeam.com/kb2685 https://web.archive.org/web/20240112040736/https://www.veeam.com/kb2685
[4] 《Win10开管理员级资源管理器》 https://scz.617.cn/windows/202401111737.txt
《shortcut/hard link/junction point/symbolic link简介》
https://scz.617.cn/windows/201510151343.txt
[5] Boot to a virtual hard disk: Add a VHDX or VHD to the boot menu - [2021-10-05] https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/boot-to-vhd--native-boot--add-a-virtual-hard-disk-to-the-boot-menu (演示bcdboot命令)
Deploy Windows with a VHDX (Native Boot) - [2023-04-17]
https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/deploy-windows-on-a-vhd--native-boot
Capture and apply Windows, system, and recovery partitions - [2021-11-30]
https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/capture-and-apply-windows-system-and-recovery-partitions
Deploy Windows RE - [2021-10-26]
https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/deploy-windows-re
Customize Windows RE - [2022-09-30]
https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/customize-windows-re
[6] How to move the recovery partition on Windows 10 - [2019-06-27] https://superuser.com/questions/1453790/how-to-move-the-recovery-partition-on-windows-10