[DISCUSSION] Server 2022 LTSC (21H2) 20348.1 (fe_release)

Discussion in 'Windows Server' started by Enthousiast, Mar 2, 2021.

  1. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    49,647
    103,306
    450
    #1181 Enthousiast, Jan 18, 2023
    Last edited: Jan 19, 2023
    (OP)
  2. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    I see that after running 2023-02 MSRT on Windows Server 2022, the server is no longer booting as UEFI/EFI with Secure Mode Enabled.
    After disabling Secure Mode, the server boots as normal.
    I tested this behaviour on a number of VMs running in an ESX lab and isolated the issue to MSRT.
    I am not sure if this applies to the specific conditions - VMs running in ESX or it is a more general issue.
    It is very likely that this is the most common scenario under which Windows Server 2022 is running.
     
  3. BiLL86

    BiLL86 MDL Novice

    Apr 24, 2010
    29
    28
    0
    Thanks for the heads up! I was suspecting a virus. But nothing was found.
     
  4. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,192
    90,681
    340
  5. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    #1189 ch100, Feb 15, 2023
    Last edited: Feb 15, 2023
    :D
    It is still bizarre behaviour to have a scanner which is not even installed supposedly breaking a file signature.
    Very curious how this can be remediated if Microsoft will not be releasing a patch soon.
    The log under C:\Windows\debug\mrt.log does not show anything different than previous scans or unusual.
     
  6. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    Were you impacted by this? If this is the case, it means I was not dreaming. ;)
     
  7. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,192
    90,681
    340
    From patchmanagement:

    "So far this is isolated to a single VM on VMware ESXI, but we have a server 2022, new install from about 2 weeks ago, installed updated Ok, rebooted OK.
    Just rebooted again and it’s got a “security violation.”
    Turning off VBS and secure boot seems to have fixed it for now.

    Others in the reddit megathread are reporting boot issues with server 2022 requiring disabling vbs/secure boot. "
     
  8. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    Thanks. I figured out that turning off Secure Boot fixes it. I don't use VBS.
    As this is a lab, I am not impacted in any way - production wise and I can play with the settings as much as I wish.
    While many production sites do not install/run MRT, a lot are as it comes on WSUS.
    For me this is only of academic interest, but I think now I finally got your message about the usefulness of MRT. ;)
     
  9. BiLL86

    BiLL86 MDL Novice

    Apr 24, 2010
    29
    28
    0
  10. BiLL86

    BiLL86 MDL Novice

    Apr 24, 2010
    29
    28
    0
  11. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    I have Win 11 physical and in ESX 7 and they run fine after MRT was run. Same for Win 10 in ESX.
    For some reason, only the server is impacted.
    I am amazed that Microsoft has not released an emergency patch to address this issue being about the server running in ESX which is very typical these days.
     
  12. BiLL86

    BiLL86 MDL Novice

    Apr 24, 2010
    29
    28
    0
    #1197 BiLL86, Feb 15, 2023
    Last edited: Feb 15, 2023
    It's possible that 2022 with UEFI+SB on ESXi v7 isn't that wide spread yet. I still see new VMs created with legacy bios on daily basis and it's surely not affected by this. Also it would be interesting to see if Hyper-V has this issue. I have 2022 Hyper-V hosts, but no 2022 guests on them to test it out, yet.
     
  13. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    I think you have a point here.
    But the VMware virtual firmware has not changed since yesterday when it was working.
    Unless Microsoft did something on purpose. ;)
    However Win 11 and Win 10 do not seem to be impacted, so I believe this is rather a bug than intentional.
     
  14. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30