VMware has released a vSphere ESXi update to address the Secure Boot issue with Windows Server 2022 virtual machines. Microsoft acknowledged the problem following the release of the security update to Windows Server 2022 on February 14.
According to Microsoft and VMware, some users who installed the KB5022842 update were unable to boot virtual machines (VMs) that have Secure Boot enabled. The Secure Boot feature is designed to prevent malicious software from loading on system start-up. The issue affected vSphere ESXi 7.0x and vSphere ESXi 6.7 U2/U3.
VMware explained that the security update injects a new type of digital signature that is mistakenly rejected by UEFI Secure Boot. This could cause virtual machines to be unable to find an operating system and fail to boot up.
“If you already face the issue, after patching the host to ESXi 7.0 Update 3k, just power on the affected Windows Server 2022 VMs. After you patch a host to ESXi 7.0 Update 3k, you can migrate a running Windows Server 2022 VM from a host of version earlier than ESXi 7.0 Update 3k, install KB5022842, and the VM boots properly without any additional steps required,” VMware explained.
Additionally, VMware has provided a temporary workaround for affected organizations that can’t immediately deploy the vSphere ESXi update. The company recommends that customers update the ESXi host to version 8.0 or disable the Secure Boot option on the virtual machines.
Users can disable Secure Boot by first shutting down the VM, right-clicking on it, and then selecting Edit Settings. Finally, click the VM Options tab and uncheck the Secure Boot enabled option available under Boot Option.
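Because the workaround leaves VMs without Secure Boot until someone turns it back on, it helps to track where it was applied. The following PowerCLI audit is an added example, not VMware's or Microsoft's code: it lists Windows Server 2022 VMs with their firmware type, Secure Boot state and host version, and flags what to do next. The function names, the guest-name match, the sample rows and the `-FixedBuild70` value are assumptions; take the real ESXi 7.0 Update 3k build number from VMware's release notes.

```powershell
# Added example. Get-Ws2022BootInventory needs VMware PowerCLI and an active
# Connect-VIServer session; the classification below is plain PowerShell.
function Get-Ws2022BootInventory {
    Get-View -ViewType VirtualMachine -Property Name, Config.GuestFullName, Config.Firmware, Config.BootOptions, Runtime.Host |
        Where-Object { $_.Config.GuestFullName -like '*Windows Server 2022*' } |   # assumption: match on configured guest OS name
        ForEach-Object {
            $esx = Get-View -Id $_.Runtime.Host -Property Name, Config.Product
            [pscustomobject]@{
                VM         = $_.Name
                Firmware   = $_.Config.Firmware                          # 'efi' or 'bios'
                SecureBoot = [bool]$_.Config.BootOptions.EfiSecureBootEnabled
                EsxVersion = $esx.Config.Product.Version                 # e.g. '7.0.3'
                EsxBuild   = [int]$esx.Config.Product.Build
            }
        }
}

function Get-SecureBootFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Row,
        # Build number of ESXi 7.0 Update 3k (not stated in the article; supply it yourself).
        [Parameter(Mandatory)] [int] $FixedBuild70
    )
    process {
        $v = [version]$Row.EsxVersion
        $hostFixed = ($v.Major -ge 8) -or ($v.Major -eq 7 -and $Row.EsxBuild -ge $FixedBuild70)
        $finding = if ($Row.Firmware -ne 'efi') { 'BIOS firmware: Secure Boot not in use' }
        elseif ($Row.SecureBoot -and $hostFixed) { 'OK: Secure Boot on, host has the fix' }
        elseif ($Row.SecureBoot) { 'AT RISK: fix host (7.0 U3k or 8.0) before installing KB5022842' }
        elseif ($hostFixed) { 'RE-ENABLE: Secure Boot is off on a fixed host' }
        else { 'PENDING: Secure Boot off, fix host and then re-enable' }
        $Row | Select-Object *, @{ n = 'Finding'; e = { $finding } }
    }
}

# Constructed sample rows so the logic runs without vCenter; builds are placeholders.
$sample = @(
    [pscustomobject]@{ VM = 'app01'; Firmware = 'efi';  SecureBoot = $true;  EsxVersion = '7.0.3'; EsxBuild = 10000000 }
    [pscustomobject]@{ VM = 'app02'; Firmware = 'efi';  SecureBoot = $false; EsxVersion = '7.0.3'; EsxBuild = 30000000 }
    [pscustomobject]@{ VM = 'db01';  Firmware = 'efi';  SecureBoot = $false; EsxVersion = '6.7.0'; EsxBuild = 10000000 }
    [pscustomobject]@{ VM = 'old01'; Firmware = 'bios'; SecureBoot = $false; EsxVersion = '8.0.0'; EsxBuild = 30000000 }
)
$sample | Get-SecureBootFinding -FixedBuild70 20000000 | Format-Table -AutoSize
# Live use: Get-Ws2022BootInventory | Get-SecureBootFinding -FixedBuild70 <build from release notes>
```

With the sample data, `app01` is reported as AT RISK, `app02` as RE-ENABLE, `db01` as PENDING and `old01` as BIOS firmware.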
In related news, Microsoft is also investigating an issue that prevents some Windows Server Update Services (WSUS) servers from pushing updates to Windows 11 22H2 client devices. The problem impacts WSUS servers that upgraded from Windows Server 2016 and 2019 to Windows Server 2022.