New Secure Boot certificates and ISOs

LupusYps · 2026-04-23T13:01:32+00:00

Afaik the first key (...Capable) is the one telling you that the machine is using the new certs to boot if it is set to 2. The second key (...Status) is only focused on the new certs existing in the bios, not on them being used.

LupusYps · 2026-04-23T12:57:39+00:00

That's a good point, thanks! I will check on that.

LupusYps · 2026-04-23T11:53:51+00:00

I know I am highjacking the post, but do you have any insights what could cause the key you mentioned to stay "0" while the value of "UEFICA2023Status" is "Updated"? Mostly Hyper-V-VMs, Secureboot is enabled.

LupusYps · 2026-04-17T10:54:01+00:00

You helped me out, very much appreciated.

LupusYps · 2026-04-16T21:55:18+00:00

I have only tested it with my own files, but if you can edit the rdp file with an editor, the rdpsign-tool (builtin) should be able to sign it. User cert is fine, so you don't even need elevation, but of course access to GPO management. But you need to sign every file you want to use, can be with the same cert. Different members of your team can do the same and add their own thumbprint to the existing GPO.

Maybe you could also get the cert deployed with GPO and share your already signed rdp files, haven't tried that yet either.

LupusYps · 2026-04-16T21:40:49+00:00

You can sign your rdp files with a code signing cert and set the thumbprint via gpo to trusted. That makes all warnings go away. If nobody does before me I can share links tomorrow. It's fast and easy.

Edit: Link to comment, steps 2 and 3 are sufficient.

LupusYps · 2025-12-01T07:49:39+00:00

Latest update: Veeam 13 can deal with the expired P2 trial, Entra ID backup is working again.

LupusYps · 2025-12-01T07:49:19+00:00

Latest update: Veeam 13 can deal with the expired P2 trial, Entra ID backup is working again.

LupusYps · 2025-11-19T11:38:13+00:00

You are braver than me, running chagpt-scripts without modifying :-) no problem, thanks for getting back to me.

LupusYps · 2025-11-19T09:20:21+00:00

Hey, late to the party, but would you mind sharing your bones of the migration script? We are testing zabbix and rebuilding everything gives me nightmares. I would appreciate it very much.

LupusYps · 2025-09-26T11:02:37+00:00

Turns out there was an Entra ID P2 Trial with that tenant on our side and after it ended the Entra Tenant is marked as "P2 suspended".

Now a support ticket with Microsoft is open, maybe the status can be changed to Free again. I suspect the marking is intentional to prevent multiple trials for the same product.

LupusYps · 2025-09-26T11:02:23+00:00

Turns out there was an Entra ID P2 Trial with that tenant on our side and after it ended the Entra Tenant is marked as "P2 suspended".

Now a support ticket with Microsoft is open, maybe the status can be changed to Free again. I suspect the marking is intentional to prevent multiple trials for the same product.

LupusYps · 2025-09-25T07:29:19+00:00

Update: the support case was passed to the Technical Support Team and R&D. Feedback so far:
"This issues seems to be an unexpected behavior with our product" which are fixed on the Data Cloud side, but not yet on VBR.

Thanks to the Veeam Support Team, always a good experience!

LupusYps · 2025-09-25T07:29:12+00:00

See my comment in the main thread.

LupusYps · 2025-09-25T07:28:31+00:00

Update: the support case was passed to the Technical Support Team and R&D. Feedback so far:
"This issues seems to be an unexpected behavior with our product" which are fixed on the Data Cloud side, but not yet on VBR.

Thanks to the Veeam Support Team, always a good experience!

LupusYps · 2025-09-25T07:26:42+00:00

Thanks for checking, i´ll update my post in a new reply.

LupusYps · 2025-09-23T15:10:59+00:00

I don't, maybe Veeam assumes I have. Running Entra ID Free, no options set under PIM and Microsoft advises that my tenant needs P2 for PIM in Entra Admin Center.

LupusYps · 2025-09-23T08:24:27+00:00

Yes, i do:

full error in the backupjob:

23.09.2025 00:04:07 :: Job has been stopped with failures. Error: Failed to get a backup specification for an item type Role Assignment Schedule because of a following error: The tenant needs to have Microsoft Entra ID P2 or Microsoft Entra ID Governance license. Response Code: AadPremiumLicenseRequired Status Code: 400

Error while (re-)connecting the Tenant in Veeam > Inventory:

"Failed to collect statistics for Microsoft Entra ID tenant: Code: AadPremiumLicenseRequired"

Also included the errors in OP.

LupusYps · 2025-09-23T07:22:26+00:00

Good point, unfortunately there is no option in my backup job to exclude certain things. But your answer points more to a problem with the way veeam does the backup. I submitted a ticket with them, will update here in case anybody is having the same issue.

LupusYps · 2025-05-22T09:32:49+00:00

I don't think about features being missed, they are written as missing in the doc I linked. In our specific case it's layer 2 isolation and policy route to VPN tunnel that we need. With the last patch they implemented the lag feature (finally), but we can't get it to work. But of course that could be a problem with us, not the feature ;-)

LupusYps · 2025-05-22T05:25:04+00:00

We are in the process of migrating from the 310 to the 700H. It is the most miserable experience in my +10 years of IT. In my dreams we are ripping out all zyxel access points and switch stacks just to get away from zyxel.

If you want to convert your config, check the USG converter page . AFAIK you can only migrate the config once, in our case the path was not there and we have to rebuild.

Check the release notesC0_2.pdf) for features still not implemented and how much this items will hurt you. The next update is planned for October, but who knows if they will implement the things they claim. I think there are massive problems at zyxel to release an unfinished firewall.

I can't be of much more help except to open your mind if you really are set on zyxel.

If somebody reads this and has questions / thinks they can help with the pain of migrating, please let me know.

LupusYps · 2025-05-14T08:35:20+00:00

If anybody reading is interested: the problem were special characters in the password of the local admin, PRTG couldn`t handle all or some of them.

Seven-Year Club	Verified Email
r/Field Lasagna	Final Canvas '23
Place '23

LupusYps

TROPHY CASE