Well, you might have seen that Microsoft released its February Patch Tuesday updates on 14th Feb 2023. Wait, we are not going to discuss the Patch Tuesday report in this post. We covered the February Patch Tuesday report in the previous post, “Breaking Down the Latest February 2023 Patch Tuesday Report.” Here we are going to cover the downside of the update. Yes, Microsoft has acknowledged a couple of issues that come with the February security updates. If you are a Windows administrator responsible for applying patches on Windows servers, then this post is for you. You should be aware that your Windows Server 2022 might not start up after applying the February updates. Let’s look at the problems associated with the February 2023 patch and how you can mitigate Windows Server 2022 boot issues after applying February’s security updates.
Problems Associated With The February 2023 Patch Tuesday:
Microsoft announced that it had identified a couple of issues that users may face upon patching February’s security updates.
| Issue Details | Status | Originating update | History |
| --- | --- | --- | --- |
| Windows Server 2022 might not start up | Mitigated External | OS Build 20348.30000, KB5022842, 2023-02-14 | Last updated: 2023-02-15, 14:42 PT; Opened: 2023-02-15, 14:42 PT |
| WSUS might not offer updates to Windows 11, version 22H2 | Mitigated | N/A | Last updated: 2023-02-15, 14:23 PT; Opened: 2023-02-15, 13:49 PT |
Windows Server 2022 Boot Issues Upon Patching February’s Security Updates
Microsoft has identified this issue and added it to its list of ‘Known Issues.’ According to Microsoft, some Windows Server 2022 guest VMs on some versions of VMware ESXi have failed to boot after installing the KB5022842 update. It has not yet been confirmed that the issue stems from this month’s Patch Tuesday updates. VMware has started investigating the issue jointly with Redmond and said that it will post updates if there is any breakthrough.
WSUS Stops Offering Updates to Windows 11, Version 22H2
The issue is associated with WSUS (Windows Server Update Services) server, a server that downloads updates from Microsoft’s servers and distributes them to other servers or client computers in the organization. It appears that some Windows Server Update Services (WSUS) servers running Windows Server 2022 might experience issues with the propagation of updates released on February 14, 2023, or later to client devices running Windows 11, version 22H2. Specifically, the updates will download to the WSUS server but might not propagate further to client devices.
Platforms Affected by The February 2023 Patch Tuesday:
As per Microsoft, Windows Server 2022 is affected by both issues. The boot issue affects Windows Server 2022 VMs that have ‘Secure Boot’ enabled and run on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x.
| Issue Details | Status | Platforms Affected | Conditions |
| --- | --- | --- | --- |
| Windows Server 2022 might not start up | Mitigated External | Windows Server 2022 | Windows Server 2022 VMs with ‘Secure Boot’ enabled and running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x |
| WSUS might not offer updates to Windows 11, version 22H2 | Mitigated | Windows 11, version 22H2; Windows Server 2022 | The investigation is in progress… |
How to Mitigate Windows Server 2022 Boot Issues Upon Patching February’s Security Updates?
If you applied the patches to your Windows Server 2022 and the server fails to boot, you are stuck: no fix has been released that permanently resolves the issue, and uninstalling the patch will not fix the boot issue. However, there are a few workarounds that you should try to recover the server.
- Upgrade the ESXi host to vSphere ESXi 8.0.
- On servers where you haven’t yet installed the KB5022842 patch, don’t install it until there is a fix.
Note: Uninstalling the KB5022842 Patch will not fix the issue.
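To decide which VMs fall under the conditions in the table above and where KB5022842 should be held back, the following added example (not from Microsoft or VMware) triages an inventory export. The CSV column names and the sample rows are assumptions constructed for this illustration.

```python
import csv
import io
import re

# Constructed sample export; the column names are assumptions of this example.
SAMPLE_INVENTORY = """\
vm,guest_os,firmware,secure_boot,esxi_version,hotfixes
app01,Microsoft Windows Server 2022 (64-bit),efi,True,7.0.3,KB5022291
db01,Microsoft Windows Server 2022 (64-bit),efi,true,6.7 U3,KB5022291;KB5022842
web01,Microsoft Windows Server 2022 (64-bit),efi,False,7.0.2,
file01,Microsoft Windows Server 2019 (64-bit),efi,True,7.0.3,
dc01,Microsoft Windows Server 2022 (64-bit),efi,True,8.0.0,KB5022842
old01,Microsoft Windows Server 2022 (64-bit),bios,False,6.7 U1,
"""
KB = "KB5022842"  # the update named on this page

def esxi_in_scope(version):
    """True for ESXi 6.7 U2/U3 and any 7.0.x, the versions the page lists."""
    v = version.strip().upper()
    if re.fullmatch(r"7\.0(\.\d+)?(\s*U\d+[A-Z]?)?", v):
        return True
    # A bare "6.7" with no update level is not matched; confirm it manually.
    return re.fullmatch(r"6\.7(\.\d+)?\s*U[23][A-Z]?", v) is not None

def matches_conditions(row):
    """Windows Server 2022 guest, EFI Secure Boot on, in-scope ESXi host."""
    return ("windows server 2022" in row["guest_os"].lower()
            and row["firmware"].strip().lower() == "efi"
            and row["secure_boot"].strip().lower() == "true"
            and esxi_in_scope(row["esxi_version"]))

def triage(inventory_csv):
    """Map each VM name to 'hold-update', 'boot-risk' or 'out-of-scope'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        installed = KB in {k.strip().upper() for k in (row["hotfixes"] or "").split(";")}
        if not matches_conditions(row):
            result[row["vm"]] = "out-of-scope"
        elif installed:
            result[row["vm"]] = "boot-risk"    # patched: might not start up
        else:
            result[row["vm"]] = "hold-update"  # keep the KB off until there is a fix
    return result

if __name__ == "__main__":
    for vm, status in triage(SAMPLE_INVENTORY).items():
        print(f"{vm:8} {status}")
```
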
How to Disable the Secure Boot of a Windows VM on vSphere?
Follow these steps to disable the Secure Boot of a virtual machine (VM) on vSphere.
- In the vSphere Client inventory, select the VM for which you want to disable Secure Boot.
- Right-click on the VM and select Edit Settings.
- Click on the VM Options tab in vSphere and expand Boot Options.
- Under Boot Options, make sure that firmware is set to EFI.
- Click on the Secure Boot check box to enable/disable Secure Boot.
- Click OK to save your changes.