VMware, Windows 11 shafted by Windows Server 2022

OS won't start on some systems with ESXi VMs, while Win11 updates may not make it to devices


Updated: Microsoft is sorting through two issues with Windows Server 2022: one that affects VMware virtual machines, and another that stops updates from being passed on to Windows 11 devices.

Both problems are related to the KB5022842 security update to Windows Server 2022 rolled out February 14 and will spread their share of headaches to users.

Microsoft and VMware are both reporting that for some users who installed the update on guest virtual machines (VMs) on some versions of ESXi, the operating system may not start up. As one Reg reader who contacted us noted: "It'll be a nasty surprise for many sysadmins."

Only those Windows Server 2022 VMs that are enabled with Secure Boot – a tool designed to keep malicious software from loading when the system starts up – are affected, Microsoft wrote in an advisory.

The affected versions of ESXi are vSphere ESXi 7.0x and vSphere ESXi 6.7 U2/U3, VMware noted in its own advisory. When the problem arises, administrators will see an "image denied" message in their VMware VM log.

The virtualization software vendor – which Broadcom is looking to buy for about $61 billion – said there is no resolution to the problem right now, though it noted that the issue doesn't impact VMs running on vSphere ESXi 8.0x.

It also said that ESXi 6.7 has reached its end of general support.

For now, VMware is recommending organizations update the ESXi Host where the affected VM is running to ESXi 8.0, disable the Secure Boot on the VMs, or not install the KB5022842 patch on Windows Server 2022 VMs until the issue is fixed.

Uninstalling the patch won't resolve the problem, VMware wrote. Essentially the damage is done. If the patch has been installed, the only options are upgrading the ESXi Host or disabling Secure Boot.

Those looking to disable the Secure Boot feature should first power off the VM and then right-click the VM, click Edit Settings and then the VM Options tab. Under Boot Option, uncheck the Secure Boot enabled option.
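A way to check, from inside a guest, whether it sits in the affected combination described above before KB5022842 is approved. This is an added example, not code from Microsoft, VMware or this article; the `-EsxiVersion` parameter is an assumption, since the host version is not readable from inside the guest and has to be supplied by the operator.

```powershell
# Added example. Run elevated inside the Windows guest.
# Assumption: the operator passes the ESXi host version, e.g. '6.7 U3', '7.0 U3', '8.0'.
param(
    [Parameter(Mandatory)]
    [string]$EsxiVersion
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

$isServer2022  = $os.Caption -like '*Windows Server 2022*'
$isVMwareGuest = $cs.Manufacturer -like 'VMware*'

# Confirm-SecureBootUEFI returns $true/$false on UEFI firmware and throws on
# legacy BIOS (or when not elevated); a throw is recorded here as "not enabled".
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# Get-HotFix raises a non-terminating error when the update is absent.
$kbInstalled = [bool](Get-HotFix -Id 'KB5022842' -ErrorAction SilentlyContinue)

# Affected hosts per the VMware advisory quoted above: ESXi 7.0x and 6.7 U2/U3.
# ESXi 8.0x is stated as not impacted.
$hostAffected = $EsxiVersion -match '^\s*(7\.0|6\.7\s*U[23])'

$exposed = $isServer2022 -and $isVMwareGuest -and $secureBoot -and $hostAffected

$verdict = if (-not $exposed) {
    'Not in the affected combination'
} elseif ($kbInstalled) {
    'KB5022842 installed: uninstalling will not help; upgrade the host to ESXi 8.0 or disable Secure Boot before the next boot'
} else {
    'Hold KB5022842 on this VM until the host is upgraded or a fix is available'
}

[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    Server2022    = $isServer2022
    VMwareGuest   = $isVMwareGuest
    SecureBoot    = $secureBoot
    KB5022842     = $kbInstalled
    HostAffected  = $hostAffected
    Verdict       = $verdict
}
```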

Microsoft said that both companies "are investigating this issue and will provide more information when it is available."

Microsoft has another problem on its hands with Windows 2022. Updates released on February 14 or later might not make their way from some Windows Server Update Services (WSUS) servers to devices running Windows 11 version 22H2.

"The updates will download to the WSUS server but might not propagate further to client devices," Microsoft warned.

The affected WSUS servers are only those running Windows Server 2022 that have been updated from Windows Server 2016 or 2019.

"This issue is caused by the accidental removal of required Unified Update Platform (UUP) MIME types during the upgrade to Windows Server 2022 from a previous version of Windows Server," the vendor wrote, adding that it could impact security or feature updates for the latest version of Windows 11.

Microsoft Configuration Manager isn't affected.

The problem was listed as a "known issue" on the update. Microsoft is working on a fix, which will come in a future release.

Until a resolution is found, Microsoft is recommending that admins add back the .msu and .wim MIME types that were inadvertently removed during the upgrade. The company has published the steps.
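One way to audit and restore those MIME types in IIS on an affected WSUS server. This is an added example, not Microsoft's own script; the MIME type values do not appear in this article and are the ones Microsoft's WSUS guidance lists, so check them against the advisory, and the `-Fix` switch is a name chosen for this example.

```powershell
# Added example. Run elevated on the WSUS server (Windows Server 2022 upgraded from 2016/2019).
# Without -Fix the script only reports; with -Fix it adds any missing mapping.
param(
    [switch]$Fix
)

Import-Module WebAdministration

# Assumption: values taken from Microsoft's UUP on-premises guidance, not from the article.
$required = [ordered]@{
    '.msu' = 'application/octet-stream'
    '.wim' = 'application/x-ms-wim'
}

$psPath = 'MACHINE/WEBROOT/APPHOST'            # IIS server-level configuration
$filter = 'system.webServer/staticContent'

foreach ($ext in $required.Keys) {
    # Look for an existing <mimeMap fileExtension="..."> entry.
    $existing = Get-WebConfiguration -PSPath $psPath `
        -Filter "$filter/mimeMap[@fileExtension='$ext']"

    if ($existing) {
        $state = if ($existing.mimeType -eq $required[$ext]) { 'present' } else { 'present, different type' }
        $current = $existing.mimeType
    } elseif ($Fix) {
        Add-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name '.' `
            -Value @{ fileExtension = $ext; mimeType = $required[$ext] }
        $state = 'added'
        $current = $required[$ext]
    } else {
        $state = 'MISSING'
        $current = $null
    }

    [pscustomobject]@{
        Extension = $ext
        Expected  = $required[$ext]
        Current   = $current
        State     = $state
    }
}
```

A `MISSING` row on a server that matches the upgrade path above is consistent with updates downloading to WSUS but not reaching Windows 11 22H2 clients.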

Making updates faster and easier to install has been a focus of the company for the past couple of years. Most recently Microsoft released the on-premises UUP, which it says delivers smaller – and thus faster – uploads of Windows updates. However, that comes with a one-time hefty 10GB download that is a foundational part of the on-prem UUP release. ®

Updated to add

On Monday VMware issued a full patch for the issue, plus a workaround for those still iffy about trusting the code.
