
💻 [runtimeterror $]

2023-02-17 ~ 2023-02-21

PSA: Microsoft's KB5022842 breaks Windows Server 2022 VMs with Secure Boot


<-- note -->

VMware has released a fix for this problem in the form of ESXi 7.0 Update 3k [1]:

> If you already face the issue, after patching the host to ESXi 7.0 Update 3k, just power on the affected Windows Server 2022 VMs. After you patch a host to ESXi 7.0 Update 3k, you can migrate a running Windows Server 2022 VM from a host of version earlier than ESXi 7.0 Update 3k, install KB5022842, and the VM boots properly without any additional steps required.

<-- /note -->

[1] ESXi 7.0 Update 3k

Microsoft released a patch [2] this week for Windows Server 2022 that might cause some big problems [3] in VMware environments. Per VMware's KB90947 [4]:

> After installing Windows Server 2022 update KB5022842 (OS Build 20348.1547), guest OS can not boot up when virtual machine(s) configured with secure boot enabled running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x.

>

> Currently there is no resolution for virtual machines running on vSphere ESXi 6.7 U2/U3 and vSphere ESXi 7.0.x. However the issue doesn't exist with virtual machines running on vSphere ESXi 8.0.x.

[2] a patch

[3] big problems

[4] VMware's KB90947

So yeah. That's, uh, *not great.*

If you've got any **Windows Server 2022** VMs with **Secure Boot [5]** enabled on **ESXi 6.7/7.x**, you'll want to make sure they *do not* get **KB5022842** until this problem is resolved.

[5] Secure Boot

I put together a quick PowerCLI query to help identify impacted VMs in my environment:

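```powershell
# Requires VMware PowerCLI and an active Connect-VIServer session.
# Walk each datacenter so the report records where every VM lives.
$secureBoot2022VMs = foreach($datacenter in (Get-Datacenter)) {
  $datacenter | Get-VM |
    # Keep only Windows Server 2022 guests that have EFI Secure Boot enabled.
    Where-Object {$_.Guest.OsFullName -Match 'Microsoft Windows Server 2022' -And $_.ExtensionData.Config.BootOptions.EfiSecureBootEnabled} |
      Select-Object @{N="Datacenter";E={$datacenter.Name}},
        Name,
        @{N="Running OS";E={$_.Guest.OsFullName}},
        @{N="Secure Boot";E={$_.ExtensionData.Config.BootOptions.EfiSecureBootEnabled}},
        PowerState
}
# Write the list of impacted VMs to a CSV in the current directory.
$secureBoot2022VMs | Export-Csv -NoTypeInformation -Path ./secureBoot2022VMs.csv
```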
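The variant below is an added example, not the author's code: it also records each VM's ESXi host version and build, so VMs on ESXi 8.0.x or on an already-patched 7.0 host can be separated from those still at risk. The `Test-HostAffected` helper, the `FixedBuild70` parameter and the output file name are hypothetical; the ESXi 7.0 Update 3k build number is not given on this page and has to be supplied from VMware's release notes.

```powershell
# Added example (not the author's code). Requires VMware PowerCLI and an
# existing Connect-VIServer session.
param(
  # Build number of ESXi 7.0 Update 3k, taken from VMware's release notes.
  # 0 means "unknown", so every 7.0.x host is treated as affected.
  [int]$FixedBuild70 = 0
)

# Hypothetical helper: is this host release in the range named by KB90947?
function Test-HostAffected {
  param([string]$Version, [int]$Build, [int]$FixedBuild70 = 0)
  if ($Version -like '7.0*') {
    return ($FixedBuild70 -eq 0) -or ($Build -lt $FixedBuild70)
  }
  # KB90947 names 6.7 U2/U3; the version string alone cannot tell update
  # levels apart, so every 6.7 host is flagged for review. 8.0.x is not.
  return $Version -like '6.7*'
}

$report = Get-VM | Where-Object {
  $_.ExtensionData.Config.BootOptions.EfiSecureBootEnabled
} | ForEach-Object {
  # Guest.OsFullName is reported by VMware Tools and can be empty for
  # powered-off VMs; fall back to the guest OS type configured on the VM
  # (which may name an older Windows release on older hardware versions).
  $os = $_.Guest.OsFullName
  if (-not $os) { $os = $_.ExtensionData.Config.GuestFullName }
  if ($os -match 'Windows Server 2022') {
    $vmHost = $_.VMHost
    [pscustomobject]@{
      Name         = $_.Name
      PowerState   = $_.PowerState
      'Running OS' = $os
      Host         = $vmHost.Name
      HostVersion  = $vmHost.Version
      HostBuild    = $vmHost.Build
      AtRisk       = Test-HostAffected -Version $vmHost.Version `
                       -Build $vmHost.Build -FixedBuild70 $FixedBuild70
    }
  }
}

# At-risk VMs first, so the hold-back list for KB5022842 is at the top.
$report | Sort-Object AtRisk -Descending |
  Export-Csv -NoTypeInformation -Path ./secureBoot2022VMs-byHost.csv
```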

Be careful out there!



