Windows Server 2022 virtual machine will not boot after applying KB5022842
On May 2nd, 2023, the Google Cloud VMware Engine release notes added a new entry to the known issues page about a Microsoft patch that could disrupt your environment. Since I experienced this issue in my private cloud, I decided it was worth a quick blog post to get the word out to those who haven’t applied it yet.
Background
A few weeks ago, I applied the monthly Windows patches to the management VM running within Google Cloud VMware Engine. When it rebooted, the machine just never came back, so I had to launch the remote console to troubleshoot. That is when I discovered I had to disable UEFI secure boot on the VM for the OS to boot again.
The issue and resolution
According to VMware KB 90947 and the Google Known Issues page, the cause is KB5022842, which affects Secure Boot on Windows Server 2022. To avoid the problem, the recommended course of action is to skip Windows Server 2022 Cumulative Update KB5022842 and install KB5023705 instead.
Figure 1: Windows Update history page
Unfortunately, in my case, I had already installed KB5022842, and uninstalling that patch wouldn’t have fixed it. To get the VM to boot, you must power it off, then edit the properties to disable UEFI secure boot from the VM options page.
Figure 2: Disabling secure boot from a virtual machine
Only after you have installed KB5023705 will you be able to re-enable secure boot on the VM.
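To confirm from inside the guest which of the two updates is present before touching the Secure Boot setting, the following check can be run in an elevated PowerShell session. It is an added example, not part of the original post or of VMware's or Google's guidance; the function name is hypothetical. It assumes both updates are reported by Get-HotFix under the KB IDs given above.

```powershell
# Added example: the KB IDs come from the post; the function name is hypothetical.
function Get-SecureBootPatchState {
    [CmdletBinding()]
    param(
        [string]$ProblemKb = 'KB5022842',   # update that breaks Secure Boot
        [string]$FixKb     = 'KB5023705'    # update to install instead
    )

    # Get-HotFix writes an error when an ID is not found; treat that as "not listed".
    $hasProblem = [bool](Get-HotFix -Id $ProblemKb -ErrorAction SilentlyContinue)
    $hasFix     = [bool](Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue)

    # Confirm-SecureBootUEFI needs elevation and throws on non-UEFI firmware.
    try   { $secureBoot = [string](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = 'Unknown' }

    $action = if ($hasFix) {
        if ($secureBoot -eq 'False') {
            "$FixKb listed: power off the VM and re-enable Secure Boot"
        } else {
            "$FixKb listed: no action"
        }
    } elseif ($hasProblem) {
        "$ProblemKb listed without ${FixKb}: install $FixKb, re-enable Secure Boot only afterwards"
    } else {
        "Neither update listed: skip $ProblemKb and install $FixKb"
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        OS         = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        ProblemKb  = $hasProblem
        FixKb      = $hasFix
        SecureBoot = $secureBoot
        Action     = $action
    }
}

Get-SecureBootPatchState | Format-List
```

A SecureBoot value of Unknown means the session was not elevated or the VM does not use UEFI firmware, so the Action line should not be relied on in that case.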
Conclusion
Hopefully this issue didn’t catch you by surprise, but fortunately, the fix is relatively straightforward once you know how to handle it.
For more information about Google Cloud VMware Engine, check out VMware Cloud Tech Zone.