Software Update – kb2920189 & VM Secure boot

Software Update – kb2920189 & VM Secure boot
Rate this post

Hi All,

Yesterday i was updating my lab and i noticed that every single vm was failing to install kb2920189.

All my vm’s are running windows server 2012 R2 under a WS2012 R2 host, it means i created a 2nd generation of VM’s and the Secure boot was enabled.

Looking at the logs, i found the error 0x800f0922 and if you look at the internet, there are lots of things about this error that was not relevant to the issue here, until i found a forum post that helped me.

basically, if you’re having this problem with your 2nd generation machines with secure boot enabled, perform the following tasks:

1- shutdown your VM
2- Edit the VM settings and under Firmware, disable the Enable Secure boot
3- Bring the VM up and install the hotfix
4- Shutdown the VM again
5- Edit the VM settings and under Firmware, Enable the Enable Secure boot
6- Bring the VM up again

i know that in a large environment this will not be easy, so, powershell to help
1st part is to disable the secure boot, you can do this per bellow:
1- open a powershell as administrator
2- stop-vm -name “
3- Set-VMFirmware -VMName “” -EnableSecureBoot Off
4- Start-VM -name “

now with the machine up again, apply the software update and once done, use powershell to re-enable the secure boot
1- open a powershell as administrator
2- stop-vm -name “
3- Set-VMFirmware -VMName “” -EnableSecureBoot On
4- Start-VM -name “

%d bloggers like this: