Resolving Windows Server 2022 Boot Failure after Update KB5022842 on vSphere ESXi 6.7 U2/U3 and 7.0.x

Introduction:

Windows Server 2022 users have recently experienced an issue where the guest operating system (OS) cannot boot up when the virtual machine (VM) is configured with Secure Boot enabled and running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x. This issue occurs after installing the Windows Server 2022 update KB5022842 (OS Build 20348.1547). In this blog post, we will discuss the problem, how to identify it, and the steps to resolve it.

Identifying the Issue:

The boot failure issue can be identified by looking at the vmware.log file in the VM folder. An ‘Image DENIED’ message similar to the one below can be found in the log:

2023-02-15T05:34:31.379Z In(05) vcpu-0 - SECUREBOOT: Signature: 0 in db, 0 in dbx, 1 unrecognized, 0 unsupported alg.
2023-02-15T05:34:31.379Z In(05) vcpu-0 - Hash: 0 in db, 0 in dbx.
2023-02-15T05:34:31.379Z In(05) vcpu-0 - SECUREBOOT: Image DENIED.

Resolution:

Microsoft released an update on March 14, 2023 (KB5023705), which resolves this issue. Alternatively, users can upgrade to VMware ESXi 7.0 U3k, released on February 21, 2023, to fix the problem.

Notes:

  • Virtual machines running on any version of vSphere ESXi 8.0.x are not impacted by this issue.
  • vSphere ESXi 6.7 is End of General Support. For more information, see The End of General Support for vSphere 6.5 and vSphere 6.7 is October 15, 2022.
  • If you have already faced the issue, follow the steps outlined in the original post above after patching the host to ESXi 7.0 Update 3k or applying the Windows update KB5023705.

Workaround:

If upgrading is not possible at this time, there are two methods to avoid this issue:

  1. Disable “Secure Boot” on the VMs.
  2. Do not install the KB5022842 patch on any Windows 2022 Server virtual machine until the issue is resolved.

To disable the “Secure Boot” option on a virtual machine, follow the steps outlined in the original post above.

🔥Subscribe to the channel: https://bit.ly/3vY16CT🔥

🚨Read my blog: https://angrysysops.com/

👊Twitter: https://twitter.com/AngrySysOps
👊Facebook: https://www.facebook.com/AngrySysOps
👊My Podcast: https://bit.ly/39fFnxm
👊Mastodon: https://techhub.social/@AngryAdmin

🔥vExpert info: https://bit.ly/3vXGPOa

🛒 VMware EMEA store: https://imp.i263671.net/c/3505578/814646/11461

🛒 VMware US store: https://imp.i263671.net/c/3505578/814642/11461

🛒 VMware APAC store: https://imp.i263671.net/c/3505578/814645/11461

Please leave the comment