VMware has released a vSphere ESXi update to address a known issue preventing some Windows Server 2022 virtual machines from starting after installing this month’s KB5022842 update.

Microsoft first recognized the problem Thursday when the company said it only affects virtual machines with Secure Boot enabled and running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x.

Although Redmond indicates that only VMware ESXi virtual machines are affected, some Windows admin reports hinting at other hypervisor platforms (including bare metal) experiencing similar startup issues after rolling out this month’s updates.

“The Windows Update package provides a new form of digital signature on the EFI boot loader, which UEFI Secure Boot incorrectly rejects. As a result, virtual machines may not locate a bootable operating system and fail to boot “, VMware explained today.

VMware has released ESXi 7.0 Update 3к, which resolves this known issue and will allow administrators to relaunch affected VMs that no longer boot.

“If you are already experiencing the issue, after patching the host to ESXi 7.0 Update 3k, simply power on the affected Windows Server 2022 VMs”, VMware said.

“After patching a host to ESXi 7.0 Update 3k, you can migrate a running Windows Server 2022 VM from an earlier version host to ESXi 7.0 Update 3k, install KB5022842, and the VM will start successfully without any steps additional required.”

Workaround also available

VMware is also providing several temporary workarounds for administrators with affected hosts that cannot immediately deploy today’s update.

To do this, administrators can take one of the following actions:

1. Upgrade the ESXi host where the virtual machine in question is running to vSphere ESXi 8.0
2. Disable “Secure Boot” on virtual machines.
3. Do not install hotfix KB5022842 on a Windows 2022 Server virtual machine until the issue is resolved.

The Secure Boot option can also be disabled for each VM as a temporary solution using the following procedure:

1. Power off the virtual machine.
2. Right-click the virtual machine and click Modify the parameters.
3. Click it Virtual machine options tongue.
4. Below boot option, uncheck the “Secure Boot Enabled“

Unfortunately, if you have already installed Windows Server 2022 Cumulative Update KB5022842, uninstalling it will not solve the problem. The only solution is to upgrade to ESXi 7.0 Update 3k or disable secure boot.

Microsoft is also working on fixing a known issue causing WSUS servers to upgrade to Windows Server 2022 for fails to push Windows 11 22H2 February 2022 Updates to customers.