Update Madness
Righto, so its "safe" to release the handbreak and get back on the Windows update tredmill people. Yes, we've jumped on the hand grenade that was Microsoft's KB 5022842 and updated our platform to protect you all!
And while some of you might be excited by things like "New! It updates the text and web link for Windows Admin Center (WAC) notifications" (and seriously who wouldn't!) it also broke some things, just minor things mind you, like preventing your virtual machine from booting! π€―
The pertinent piece of info for us all was tucked down the end of the link under the section "Known issues in this update" (just a friendly heads up, nothing good ever comes from this section π±), and here it is in all its glory:
"After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below." Β π€¦πΌββοΈ
Fortunately, VMware has come to the rescue and released VMware ESXi 7.0 U3k which includes a fix for the issue as detailed in this KB - Phil Snowdon our Technical Operations Manager blogged about it when initially discovered back in early February. After running through our own testing in the lab of VMware's update 3k for vSphere 7 we've subsiquently implemented it in our production hosting/IaaS locations (thats both Auckland and Christchurch). All vCenter appliances and hosts have been updated, so any virtual machines running Windows Server 2022, configured with Secure Boot and, that were updated with this patch can now be rebooted without fear they won't come back up! We obviously (like you hopefully), routinely patch our IaaS platform but this little gem did forced our hand somewhat!
Admittedly there was a workaround available, in that you (actually thats we) could disable secure boot in the vm to enable it to boot the OS. Unfortunately, that obviously reduces your security posture somewhat without even going intoconcerns about stopping your patching cycle! Now if you we're hoping the issue was addressed by Microsoft in the latest round of updates released on the 14th of March......... you would have been disappointed as its still listed in there "known issues" section π. Having said that, VMware's KB on it states that Microsoft did resolve it in the March updates π€?? Β I'm not sure who's got it right here, but it's all good though, your trusty Softsouce vBridge team are on the job so you can get back into those patching cycles!
Don't worry Microsoft, we gotcha πͺπΌβπΌ