Software Update – kb2920189 & VM Secure boot

Software Update – kb2920189 & VM Secure boot

Hi All,

Yesterday i was updating my lab and i noticed that every single vm was failing to install kb2920189.

All my vm’s are running windows server 2012 R2 under a WS2012 R2 host, it means i created a 2nd generation of VM’s and the Secure boot was enabled.

Looking at the logs, i found the error 0x800f0922 and if you look at the internet, there are lots of things about this error that was not relevant to the issue here, until i found a forum post that helped me.

basically, if you’re having this problem with your 2nd generation machines with secure boot enabled, perform the following tasks:

1- shutdown your VM
2- Edit the VM settings and under Firmware, disable the Enable Secure boot
3- Bring the VM up and install the hotfix
4- Shutdown the VM again
5- Edit the VM settings and under Firmware, Enable the Enable Secure boot
6- Bring the VM up again

i know that in a large environment this will not be easy, so, powershell to help
1st part is to disable the secure boot, you can do this per bellow:
1- open a powershell as administrator
2- stop-vm -name “
3- Set-VMFirmware -VMName “” -EnableSecureBoot Off
4- Start-VM -name “

now with the machine up again, apply the software update and once done, use powershell to re-enable the secure boot
1- open a powershell as administrator
2- stop-vm -name “
3- Set-VMFirmware -VMName “” -EnableSecureBoot On
4- Start-VM -name “


Raphael is a 9 times Microsoft MVP with over 20 years of experience in IT, in which 13 years have been dedicated to System Center and Automation. His extended experience has been developed through several IT roles, from first-line support to principal consultant, towards a wide range of clients and sectors. One of the four MVPs in Enterprise Client Management in the UK, Raphael holds more than 30 Microsoft certifications and is an MCT (Microsoft Certified Trainer). Since 2008, Raphael has been providing Microsoft trainings from basic to advanced levels in several categories. Throughout his career, Raphael has joined as speaker in well-known events such as TechEd and Gartner Security Risk Management. He also organised community events and lectured around the world, sharing best practices and knowledge within the industry. Bilingual in English and Portuguese, Raphael has authored diverse articles published in Microsoft's TechEd, served as the editor-in-chief of a magazine focused on System Center in Brazil and wrote two books: "Understanding System Center 2012 SP1 Configuration Manager: The walkthrough book" and "System Center 2012 R2 Configuration Manager: Automation from Zero to Hero".

Tagged with: , , , , , , ,