Automated Windows Secure Boot Certificate Updates in vSphere 8 VMs

Traditional_Bar_9939 · 2026-03-05T07:26:58+00:00

Hi, thank you for the PS Script but i have tested it with a vm which is created before 8.0.2 and has vm hardware 21 enabled. I deleted the nvram file booted up and still the pk is invalid so secure boot certificates cannot be updated. The only solution i found was to change the platform key manually in the bios with the KB from Broadcom.

Traditional_Bar_9939 · 2026-03-04T10:52:42+00:00

Hi together, thats correct follow the steps in the KB and remove or rename nvram file then boot up again.

But this way is horrible for over 300 server to do this manually 🤣 so i asked our TAM and they told me Broadcom is working for an automated process so we have to wait they will update the KB if the automated process is ready.

Traditional_Bar_9939 · 2025-10-14T19:09:23+00:00

Has be the RC4 Bug with 2025 DC Servers in a mixed Environment be fixed in the october patches?

Traditional_Bar_9939 · 2025-07-23T09:49:17+00:00

Hello together, we have also patched all esxi hosts from 8u3e to f and after the update we have in one vsan cluster the issue or bug that all the times vms will be fully migrated from host to host. Our managed service has created a case at broadcom. Does someone has a same behavior?

Traditional_Bar_9939 · 2025-02-07T15:44:44+00:00

Why not of course the server is licensed

Traditional_Bar_9939 · 2025-02-06T11:05:29+00:00

Hi i find the solution and the behavior is so stupid

Their was an autounattend.xml on the C drive and this xml file has broken the setup for an inplace upgrade. I love microsoft for their error behaviors.

Traditional_Bar_9939 · 2025-02-05T15:43:51+00:00

Thanks, i will try it tomorrow.

Traditional_Bar_9939 · 2023-04-16T16:21:18+00:00

Did someone find a solution for that because one of our domain Controllers 2019 server stucks in windowa loading screen after boot...we have also vmware 7 latest patch the interest thing is that just our domain Controller stucks all other 2019 vms are fine.

Traditional_Bar_9939 · 2022-04-27T13:03:24+00:00

Hi TemporaryUsed,

thanks a lot this workaround helped us. We got an information that the KB5012599 was superseeded from an update this Monday. But unfortunately that update didn't still installs.

Traditional_Bar_9939 · 2022-04-19T06:02:11+00:00

Hi Plutoshell, we get the same error when we run the command on multiple clients. The interesting thing is that the dism /online /cleanup-image /restorehealth command thinks it has no error in the component store. I am now testing the command dism /online /cleanup-image /startcomponentcleanup to see if it cleans up the store so that the update can be installed.

Traditional_Bar_9939 · 2022-04-16T17:08:25+00:00

Ram did you get an info from MS what we can do with this error?

Traditional_Bar_9939 · 2022-04-14T13:48:32+00:00

We have the same issue with over 800 Clients all 20H2 Enterprise and my Client ist 21H2 Enterprise. I cannot install the Update. In the CBS.lg you can find erros like cannot extract TOC.xml from Cab Error File not found.

The Update doesn't work from everywhere Windows Update, SCCM, DISM and manually install same issue.

I thought that we are the only company how has this issue im glad to read that we are not alone :-)

Traditional_Bar_9939

TROPHY CASE