This week Microsoft released this month’s routine security update to supported versions of Windows, including the KB5022842 update for Windows Server 2022, which appears to bring new issues.
Specifically, Windows Server 2022 guests running on VMware fail to boot, seemingly because the patch modifies Secure Boot, and VMware has now released support documentation.
Here are VMware's notes:
After installing Windows Server 2022 KB5022842 (Build 20348.1547), the guest operating system fails to start when a virtual machine configured with Secure Boot enabled is running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x.
The "Image DENIED" message appears in vmware.log:
2023-02-15T05:34:31.379Z In (05) vcpu-0 - SECUREBOOT: Signature: 0 in db, 0 in dbx, 1 unrecognized, 0 unsupported alg.
2023-02-15T05:34:31.379Z In (05) vcpu-0 - Hash: 0 in db, 0 in dbx.
2023-02-15T05:34:31.379Z In (05) vcpu-0 - SECUREBOOT: Image DENIED.
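To check many VMs for this failure, the log excerpt above can be matched programmatically. The following is an added example, not VMware's or the original post's code; the function names and the reason labels are assumptions of this example, and the sample input is constructed from the three quoted lines.

```python
import re

# Constructed sample: the three lines quoted above plus one unrelated line.
SAMPLE_LOG = """\
2023-02-15T05:34:31.100Z In (05) vcpu-0 - Unrelated constructed line
2023-02-15T05:34:31.379Z In (05) vcpu-0 - SECUREBOOT: Signature: 0 in db, 0 in dbx, 1 unrecognized, 0 unsupported alg.
2023-02-15T05:34:31.379Z In (05) vcpu-0 - Hash: 0 in db, 0 in dbx.
2023-02-15T05:34:31.379Z In (05) vcpu-0 - SECUREBOOT: Image DENIED.
"""

TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z")
SIG_RE = re.compile(r"SECUREBOOT: Signature: (\d+) in db, (\d+) in dbx, "
                    r"(\d+) unrecognized, (\d+) unsupported alg")
HASH_RE = re.compile(r"Hash: (\d+) in db, (\d+) in dbx")
SIG_KEYS = ("db", "dbx", "unrecognized", "unsupported_alg")


def classify(sig, hsh):
    """Label a denial from its counts (labels are this example's own wording)."""
    if sig is None or hsh is None:
        return "counts missing"
    if sig["dbx"] or hsh["dbx"]:
        return "dbx match"      # image matched the forbidden database
    if not sig["db"] and not hsh["db"]:
        return "no db match"    # nothing in the allowed database matched
    return "other"


def find_denials(log_text):
    """Return one dict per 'SECUREBOOT: Image DENIED' line in vmware.log text."""
    events, sig, hsh = [], None, None
    for line in log_text.splitlines():
        if m := SIG_RE.search(line):
            sig, hsh = dict(zip(SIG_KEYS, map(int, m.groups()))), None
        elif m := HASH_RE.search(line):
            hsh = {"db": int(m[1]), "dbx": int(m[2])}
        elif "SECUREBOOT: Image DENIED" in line:
            ts = TS_RE.match(line)
            events.append({"time": ts[0] if ts else None, "signature": sig,
                           "hash": hsh, "reason": classify(sig, hsh)})
            sig = hsh = None    # counts belong to one image check only
    return events


if __name__ == "__main__":
    for event in find_denials(SAMPLE_LOG):
        print(event)
```

For the quoted excerpt the result is a single event labelled "no db match": one signature was seen, but neither it nor the image hash matched an entry in the allowed database.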
Current interim solutions:
This issue does not affect vSphere ESXi 8.0, but there is currently no fix for vSphere ESXi 6.7 U2/U3 and vSphere ESXi 7.0.x. There are three interim solutions:
1. Upgrade vSphere ESXi to version 8.0
2. Disable Secure Boot for Windows Server 2022
3. Do not install KB5022842
Microsoft has not responded to this issue yet, so I guess we have to wait for Microsoft to release a fix to completely solve the problem.