Windows 10 0xc00021a boot error, i had tried almost everything... Its possible to repair Win10 without losing system settings?

[ruthan]

Hi,
im struggling for quite a long time with 0xc00021a Windows 10 boot error, its UEFI version of WIndows 10, if it matters and i have only EFI partition and one 1 machines not Recovery partition and not ESR 128 Mb service partition, i never needed it for anything and when i upgraded install it was not create, its probably not mandatory same as Recovery partition, because recovery enviroment is in C:\Recovery hidden folder too.

I have tried a lot of things, sfc - is fine, dism is fine. Error description is for lots of source of this error.. I have tried to enable ntbtlog.txt, but it seems that its happening before log is create, so i dont have any clues to fix it.
It seems to new bug.
  It happened after some update, i might get out of space during updating, because of app generated 30 GB error file.  I had some restore points, but during restoring i got error, maybe because of now enough space and after restore point data disappered and my last full backup is quite old.

  I have tried manaul BCDedit fixing, all boot fixing utilities which i found - Paragon, EasyUS, Aomie, Dual boot repait, VisualBCD, Bootice, Lazesoft. Bootsec, Hasleo Easy UEFI, including deleting and rebuild EFI partition.
  I haved tried all boot modes - enable logging, safe mode, recovery, autorepair - there is error hardisk not found..

   What is more interesting, i even managed to replicate error on Windows 10 togo on USB-NVME driver, on different hardware.. (intel Z370 + AMD 450 - Ryzen 2600 )Its probably again cause by some recent update, or by some BCD change, because some tools are updating try to fix, all connected BCD by mistake... and im unable to fix it even on USB-NVME install on other computer.

  Hardware is ok for sure, because its happening on multiple devices, liveCD are booting fine. Im quite sure that is not because some virus.

  Only thing which im able to ""fix" it is restore whole NVME-USB installation EFI + System partition, restore EFI partition alone is not enough its somehow connected.
  I googled alot, but found only generic tutorials for classic - sfc/dism / bcd fixing.. Disabling some addional disk or disconning devices is not helping too.  I did not found success stories, just people who git complete reinstall or machine reset.

Its possible somehow repair WIndows 10 without losing system settings - installed programs, registry settings and normal files?
I saw some /auto setup.exe settings, but when i tried setup.exe /auto othre commands, i always get unknow option /auto error.

 

Edited August 2 by ruthan

[ruthan]

I was experimenting with NVME-USB install, this time and recovered only main windows partition and used EFI partition adjusted by lots of experimenting and this time it booted fine. Right before partition recovery i tried to boot, so did nothing new with EFI partition to make system bootable.

  I can also say that its crashing before graphical BCD metro menu with multiple enteries its loaded, its loading for while, its not quick crash, like 10 second.. I have multiple BCD enteries because of my experiments.
  

  Im not aware that i did something extra with WIndows install on main parition its stuck to 1803 version, because USB version upgrading problem, some security roll up updates where installed, also constant upgrading update which is failing its running.. and i installed a few "normal" problems to make it more usable, nothing suspicious, i also doubt that i have some virus and same one on my 2 machine. It has to be something ugly.

   Only thing which i read online about this error is that it could be related to winlogon.exe and csrss.exe but when DISM and SFC run fine, they should be fine.
   
   If someone know how Windows 10 UEFI boot sequence is working step by step, it may be helpful. 

   I have bad memory but i maybe tried to set number of processors through msconfig to make boot a bit faster before it broke, i saw it some video.. but because i recreated EFI partition if its some parameter there it should be gone, unless its something saved in registry or other system file.
   But i have tried the same thing with NVME-USB and its still booting, so its probably not it.. im not sure if WIndows boot its by default multithreaded. 
   When i removed bcd experiments to avoid BCD menu, whole boot is now like 15 second vs 10 second crash before, it be in more advanced phase of booting, but even when bootlog is force for every boot entry and i use textstyle bootmenu instead of metro one, its still crashing the same way.

  BTW i met this they there is not binary, but source code and way to compile it, in other MS / Intel projects on github, its Linux way and its good way.. That illusion that user will learn something significant form setuping and building all again and again is nonsense.  Its waste of users time, if you multiply it by all users, its man years wasted and its even waste of power and earth resources.. and if not even to make it to wrong at 99%.. anything between 1%..99% mean not working application and you get angry during this process, its not fun for 90% of users, so its even generator of bad mood, which is not good for anyone mental health.

Edited 12 hours ago by ruthan

[ruthan]

One more clue, this crashing short after i hear some sound card initialization sound.. So its probably in driver inicialization phase, but in otherhard its strange that there is not ntbtlog.txt without is enabled and i would expect that it would be created when drive loading phase started..

[ruthan]

I find out where is the problem with ntbtlog.. Its created later after some basic files are loaded:

Before it only some other log is created its named mesasured log, but i need to find some way to parse it.. I have desibled TPM device in BIos and set Secure boot to Custom, becaues there is only Enabled and Custom option in bios, but its the same only measured log is created and not ntbtlog.txt..

Measured log :
https://www.dropbox.com/scl/fi/rhtyws3f4ijupuovje3q4/0000000124-0000000000.log?rlkey=xghuhxtpsoix41huprm471lvj&st=5uw1s653&dl=1
I have tried but so far im failing, to get more that header.

    MS has article about analysis these logs:
https://learn.microsoft.com/en-us/troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes 

  It needs some big ADK package, or compile the code for PCPTool.exe . I dont really dont understand why its not distributed as executable, maybe it needs some machine specific variables in exe, but i doubt it. I have tried to find some VS online compiler, but i have failed, i found only single C++ compiler.. There was some preview of Visual Studio compiler, but links are dead..
   First solution use Hardware drivers kit for change require Windows server - but i need only 1 executable from it probably not whole driver debugging enviroments.
   So MS debugging tools for debubing these boot problems really sucks, when i add not classic install repair in Windows 10, its really bad design all is hidden, in comparision to Linux when booting process progress is transparent..

There is also bootstat.dat, which is something like flag that something is wrong with booting and it seem its can cause boot repair loop.. 
For some reason i hit situation when even for valid BCD i was getting 0x0000001 error when i tried to star Win10, it seem there is some broken install flag somewhere, its unclear how to remove it.

I found out that is Autoruns from Window PE / other Windows install - load offline log, to edit drivers and services, only problem is seems that it could enable /disable only some items for other it reports error and i have log hive and edit it manually by using registry path form autoruns. 
  Otherw way to edit drivers+service is be Dism+ utility, it has some updates uninstall options too, but its failing for some for some reason. There is also MS Dart which is some WinPE cds.   

   I now decided to try other approach recover old back and try to add files from current broken install.. to merge it. Does someone experience with this way on fixing? 

Edited August 11 by ruthan

[user57]

its not a security measure, its security against the user or "non-microsoft" (if i remember right they had always a grude against a bootkit (even when it was totally legal)) 

so they decide what you do there - that would describe it right

i would not call it security for that reason - its a missleading term that trys to confuse and lead it to a different discussion point

 

its a old talk like about the monopol position microsoft is taken action for (not the first time) there was something like that even in very past times like with netscape - where microsoft where sued for taking monopol positions

after that list they doing that then is very long - its litterally about billions of money where microsoft where sued for this

 

surely this is about child-abuse or terrorism ? i dont think so - its just a company interest - calling out that is the same missleading term - if you would accept it like that you actually ruined yourself and fall for the trick 

[ruthan]

Well it would be nice, if they would provide some simple tools to analyze boot process - without some server / developer only blob and better error  code handling.. ntbtlog.txt is far from good too, especially if they removed classic installation repair from the boot media.. and automatic registry backup is also disabled by default - as far if its not included within restore point itself. I dont even speak about bcd disaster.. which is really not good idea.. as its complicated object tree, unable to handle multi EFI parititon system, multiple files with Ids (1x boot\bcd, often cloned to windows partition too ; 3x (rescue bcd + rescue.xml) once on EFI partition, once in C:\Recovery and once in recovery Partition )., full of ids which are just made up from thin air, instead of using real partition IDs as Grub2, which at least had one text config file and more only if you are using autogenerating templates and its config files in etc/default/grub.. is not 

   Otherwise if understand that diagram downgrade to MBR non UEFI and TPM install actually provide better logging.. I wonder its possible to use MBR booting - winload.exe instead of winload.efi on disk which is actually GPT? If i remember correctly i was using this with Windows 7 for quite a long time, but i tough that UEFI would be upgrade.

   It should be better with newer versions not worse, but they rather aim on start button position and new not backward compatible user interface API.
   
   So only real solution is make system partitions often.. with is not better in these days too, because every second application creating zillion of small cache files, instead of some big cache file. 

[ruthan]

I have gave up on my main machine for now and restored old backup.. and moved experimenting into Vmware virtual machine, here i connected this machine as MBR disk, its not UEFI / TPM machine, its single partition install, but its failing exactly the same way  
  Only difference is that on such simple setup, automatic start up repair worked right away, i mean that Windows bootloader started, without fidling with bcd files.. and still not ntbtlog.. so its something really ugly, i have tried to run lots of live antivirus and antimalware stuff, it ran for ages, because i have like like 6 millions of files on my disk.. i got some malware / adware reports, but i found say false possitives, because other tools not reported them.. I disabled them anyway, no change.
   I also found out that i could enable / disable drivers through dism+ .. but without any clue is really hard to find out the root of this problem.. and it seems to be same for a lot of people which encountered it..

   I wonder there is msconfig mode to enable MS services Only, im not sure if different from safe mode, but i there wonder some way how to set it on.. i found try it.. i can probably disable services / drivers one by one, its problematic..

Edited August 19 by ruthan

[ruthan]

Hmm, it have tried to remove drivers and services, but only end up with inaccessible boot device, its strange because its 1 partition MBR install, i have tried all bcd fixes, but its still there.. Im not even sure, if this error happens before or after 0xc00021a.. and again not ntbootlog, it really seems that starting Windows 10 procedure is rotten by design.. once its broke, there is very hard to debug it.

[Tripredacus]

I'm not necessarily sure about the error code that you had received, but there have been some instances where I have encountered a seemingly unsolveable boot error on Windows 10/11 like this without being able to fix it. My last resort solution is to image the OS partition and redeploy the entire system. It is time consuming but so far that ends up working.

[ruthan]

Well, all this would be ok.. if they would not removed option to refresh system files and keep system setting from boot installer.

 I experimented a bit more, but through drivers disabling if i dont get this error, i get 2 errors which probably happens before this one:
1) Inaccesible boot device - which is normal and fixable in previous Windows but im not able to fix it there, i have tried all Vmware storage options - IDE / SCSI/ SATA / NVME but its not enough. Fixing bcd files is not enough and Paragon P2V adjust or P2P adjust too. Im not sure if this error is related only to boot storage drivers, or its reported if any system driver is has boot problem, again nothing logged and only way is kernel debugger through serial port and second PC, not thing for standard user, its more for hardware drivers creators.
2) Boot freeze, infinite cog animation and safe mode freeze without cog, maybe again its happening before original error, again no ntbootlog..

  I have found that Vmware convertor has nice drivers / service enable and disable option and probably it has some HW registry fix to boot in virtual, unfortunately its failing with my virtual disk image, there again some unhandled situation and Vmware convertor is picky and works only for typical scenarios (im getting typical disk geometry related pseudo errors like Unable to find system volume, or VSS snapshots cannot be stored because is not enough space on source volumes, or they are not NFTS, well of course EFI is FAT32 and there is lots of space.. ). Some as Acronis Trueimage 2021 universal restore, its refuse to recognize by Windows install, even when all other tools like Lazesoft recovery, dart, DISM managers etc, are fine with it. 
  I also tried to run redetection of new HW during boot, as Windows to go are doing for offline installation, through boot dvd and sysprep, but i failed too, its not started, im not sure if could be made for offline installation in theory it could, but did not find right tutorial for it. 
 
  It seems that only way to debug would be that TPM log parser, but even that is not provided as standard package for advanced users. 
  This seems as typical result of excessive security, same as"National" security parallel virus in USA government. They would claim that make boot process logging as something helping hackers, but i as standard users really value usability over security and like to have options to use security / usability trade offs.. Especially when hackers are always 1 step ahead from security guys and is virus / spyware is "properly" done execute 1 wrong file and use network tool with 1 unfixed security hole with its communication protocol, its enough to get it anyway.

Edited 12 hours ago by ruthan

[Tripredacus]

Refresh still exists but it only works in specific circumstances. In my previous testing, refresh only can work if the WinRE components are the same exact build as the installed OS, but the installed OS build changes with updates. So Refresh can work in a system that doesn't update but that is not typical in a modern system. I also prefer that option as well, as it reminds me of the repair install you could do with XP.

I don't understand the TPM requirement either, especially in regards to the retail market. Probably it was just easier to include an Enterprise feature in all editions and be done with it.