
VMware has released an emergency update for an issue with booting Windows Server 2022 VMs on vSphere ESXi servers. The problem occurs after installing the recent Patch Tuesday KB5022842 update.

After the Patch Tuesday update, Windows Server 2022 VMs that have Secure Boot enabled were found to fail to boot. Specifically, this affected Windows Server 2022 VMs running on VMware ESXi 6.7 U2/U3 and 7.0.x versions. Meanwhile, it was also indicated that other hypervisors and bare-metal servers were affected by the flaw.

According to VMware, the flaw is that the Windows update package puts a new kind of digital signature on the EFI bootloader. UEFI Secure Boot then incorrectly rejects this signature. As a result, VMs may fail to detect a bootable operating system and thus fail to boot.

Fix with ESXi 7.0 Update 3k

To correct this problem, VMware has now released a fix in the form of ESXi 7.0 Update 3k. The update fixes the problem and allows administrators to revive VMs that no longer boot. Users affected by the Microsoft KB5022842 update can power on the non-starting VMs after patching the host to the new ESXi 7.0 update.

Also, administrators who have applied the ESXi 7.0 Update 3k patch can migrate a running Windows Server 2022 VM from a host of a version earlier than this patch and then install the KB5022842 update. After this, the affected Windows Server 2022 VM will boot normally without additional intervention.

Existing workarounds still valid

In addition to this patch, VMware indicates that existing workarounds are still valid. The first workaround, for administrators who have already installed the update, is to upgrade the VMware ESXi host to VMware ESXi 8.0.

A second option, before they install the KB5022842 update, is to disable Secure Boot on the VMs. VMware provides step-by-step instructions for this. The third and final temporary workaround, for those who have not already installed it, is to delay installing the KB5022842 update.

If the Patch Tuesday update is installed anyway, users can only upgrade to VMware ESXi 7.0 Update 3k or disable Secure Boot.
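To see which VMs the fix and workarounds above apply to, an inventory check along these lines can be run in VMware PowerCLI. This is an added example, not code from VMware or Microsoft; it assumes an existing Connect-VIServer session, and `$FixedBuild` is a placeholder parameter that must be set to the ESXi 7.0 Update 3k build number from VMware's release notes.

```powershell
# Added example: list Secure Boot-enabled Windows Server 2022 VMs that run on
# ESXi hosts in the affected range (6.7, or 7.0.x below the Update 3k build).
# Assumes VMware PowerCLI and an existing Connect-VIServer session.
param(
    # PLACEHOLDER: ESXi 7.0 Update 3k build number, taken from VMware's release notes.
    [Parameter(Mandatory)] [int] $FixedBuild
)

$report = foreach ($vm in Get-VM) {
    $config = $vm.ExtensionData.Config
    if ($null -eq $config) { continue }   # skip VMs whose configuration is unavailable

    # Secure Boot only exists on EFI-firmware VMs.
    $secureBoot = ($config.Firmware -eq 'efi') -and $config.BootOptions.EfiSecureBootEnabled

    # Prefer the OS reported by VMware Tools; fall back to the configured guest OS.
    $os = if ($vm.Guest.OSFullName) { $vm.Guest.OSFullName } else { $config.GuestFullName }
    $isServer2022 = $os -like '*Windows Server 2022*'

    $esx = $vm.VMHost
    $hostAffected = switch -Wildcard ($esx.Version) {
        # The article names 6.7 U2/U3; the update level is not derived here,
        # so every 6.7 host is flagged for manual review.
        '6.7*'  { $true }
        '7.0*'  { [int]$esx.Build -lt $FixedBuild }
        default { $false }   # e.g. ESXi 8.0
    }

    if ($secureBoot -and $isServer2022 -and $hostAffected) {
        [pscustomobject]@{
            VM         = $vm.Name
            PowerState = $vm.PowerState
            GuestOS    = $os
            VMHost     = $esx.Name
            EsxVersion = $esx.Version
            EsxBuild   = $esx.Build
        }
    }
}

# Hosts listed here are candidates for patching before KB5022842 reaches their VMs.
$report | Sort-Object VMHost, VM | Format-Table -AutoSize
```

The script does not check whether KB5022842 is already installed inside the guest; that has to be confirmed separately, for example from the patch management system.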

WSUS server issue still unresolved

The non-starting Windows Server 2022 VMs are not the only problem administrators faced after the latest Patch Tuesday. For example, WSUS servers upgraded to Windows 2022 fail to push the February 2022 Windows 11 22H2 updates to clients. Microsoft is still working on a solution to this problem.
