Windows Server 2022 - devices not booting when Secure Boot enabled (KB5022842)
You missed the "production environment" thing in my reply, this is a critical item when evaluating risk.
Well if your customers are fine with losing money because of unsupported stuff, I guess that's OK. Defeats the purpose of minimizing costs in the first place though. Which itself contradicts buying brand new WS2022 licenses and CAL, when you can continue using WS2019, and using physical hardware for servers when you can use VM instead, and so on.
Or if you are really unable to cope with regular on-premise hardware upgrade, go Azure/AWS/Google.
And the next post kinda prove my point :
"they have reproduced the issue, and confirmed that servers later than 13G are not affected. Because Server 2022 isn't officially supported on 13G servers, they are not currently committing to doing anything about it". In some companies, telling this to your boss/customer triggers a Resume-Generating Event (RGE).
As for disabling Secure Boot to bypass your issue, and claiming VBS/CG are fine without it...yeah, good luck with that.
Alban1998 I do agree this is getting a little off topic. I also apologize if anything I say comes off as personally disrespectful to you. My intention is not to criticize you in a way that is unfair or uninvited.
"Well if your customers are fine with losing money because of unsupported stuff, I guess that's OK." My "customer" is the company I work for, which experienced zero downtime as a result of this issue. No downtime means no money lost. If someone is losing money over unsupported hardware, that is a failure of the people and processes that set it up, not the hardware/software combination itself.
Buying used servers costs about a tenth of what buying new servers costs, who says anyone is losing money? You know who would love for people to believe this is true? Microsoft and its hardware partners. You know who it doesn't benefit? The companies whose IT staff are naïve enough to believe this and end up paying for new servers they should have never bought in the first place. Needlessly wasting your company's money to replace servers because Microsoft says you should, now that sounds like a "resume generating event".
"Defeats the purpose of minimizing costs in the first place though. Which itself contradicts buying brand new WS2022 licenses and CAL, when you can continue using WS2019, and using physical hardware for servers when you can use VM instead, and so on." We have SA on all of our Microsoft licensing so we don't pay for upgrades. No additional costs related to CALs here. All of these servers are HyperV hosts. It's unclear to me why you thought otherwise. Needlessly wasting your company's money to buy license upgrades that should have been covered under SA, now that sounds like a "resume generating event".
"And the next post kinda prove [sic] my point": The only thing this proves is that Dell is hearing from their customers and is discussing if or how they will resolve the issue. This doesn't imply it's Dell's issue to solve. Not understanding the typical behavior of (what is likely) one of your largest vendors and making bad assumptions as a result of that naïveté, now that sounds like a "resume generating event".
"Or if you are really unable to cope with regular on-premise hardware upgrade, go Azure/AWS/Google." Hosting the same workloads we host on-premise today in Azure would be far more expensive than hosting them the way we do. It would also be more expensive than buying new hardware. The only time it might make financial sense to host in Azure is if you have a highly variable workload that benefits from the scalability of Azure. Many companies are moving from Azure/AWS/Google back into their own data centers specifically because the promised cost savings simply don't exist. Do you think a company like Microsoft would be pushing so hard to get people into Azure if it wasn't financially beneficial to them? Needlessly wasting your company's money putting workloads in expensive public clouds, now that sounds like a "resume generating event".
"As for disabling Secure Boot to bypass your issue, and claiming VBS/CG are fine without it...yeah, good luck with that." This is working without issue on every server this has affected. Luck is not needed here.
The servers I manage have had nearly zero unscheduled downtime over the past decade. Because of the way we manage hardware lifecycles ("unsupported stuff"), I have saved my company tens (if not hundreds) of thousands of dollars over that time period.
I wasn't aware that "Resume Generating Event" was an acronym before you brought it up in your post. You know why that might be? Because it's not something I've ever had to worry about.
There's an important lesson here that you seem to not understand: Microsoft, Dell, and IT consultants are for-profit entities that operate in their own financial best interest. Everything they do (including the guidance they provide) is in service of that goal.
Be careful not to let your arrogance prevent you from understanding the implications of this lesson. That could end up being a "Resume Generating Event" for you.
- Alban1998, Mar 08, 2023, Iron Contributor
DavidYorkshire We can blame Microsoft for a lot of things - they have a long, long history of botched updates. But in the specific case you describe, and only this one, they don't look like the culprit to me - you think otherwise. That's OK.
I hope Dell will provide you a fix for this. Maybe they'll get in touch with Microsoft, and those provide a hotfix in the end, proving me wrong. I'll gladly be ok with that.
I assume those servers were production servers - this one is my mistake.
AlexR91 Looks like "RSE" triggered some very strong feelings within you - that wasn't my intention.
Risk management helps everyone - IT staff, IT managers, C-Staff, the company itself. Matching editors/OEM specs is also a way to protect yourself (the IT guy), which was what I wanted to say. When disaster strikes, people may look for scapegoats.
I will post a last reply because there isn't much purpose to continue in this thread - you may send me a PM if you wish.
You seem very serious about reducing costs for the company you work for, no matter what. You got two metrics : costs and unscheduled downtimes. IT security isn't one.
You seem convinced that because you have been doing this successfully for years, it's the right way to do it, and to continue to do it.
You seem to think OEM, editors and IT consultants have no ethics whatsoever, and are only here to rob you of your money.
Those are some very strong beliefs. You look like an IT superhero (or, dare I say, an IT god) to me.
I'm not that strong. I'm just a simple IT consultant. I doubt. And thus, try to encourage my customers to minimize their technical debt, improve their IT security, reduce their TCO, stay close to preferred architecture, implement Best Practices, and so on. Recommending them to put their production workloads on supported stuff is part of that, even if it costs me money (that often means I can't sell them the latest hardware/software shiny, and end up telling them to keep their existing stuff (despite being a profit entity)).
And if everything fails in the end, they can rely on some kind of support - the very last seatbelt they can rely on. Even if I fail (and I always assume I will fail), they are not without help or solutions. Working with companies who lost everything after a disaster taught me that.
You, on the other hand, never fail nor doubt, which is why our experiences differ so much.
- AlexR91, Mar 08, 2023, Brass Contributor
Alban1998 I read your comment on "RGE" as "sounds like whatever you're doing should get you fired". I apologize for my response if that wasn't your intention. I find it difficult to read your remark any other way. I also realize that it may have been rather hypocritical for me to call you arrogant when my reply itself may have come off as arrogant. I apologize for that as well.
I don't think that all IT consultants lack morals or ethics (I do think this of Microsoft as a whole), I've dealt with some excellent consultants and some terrible ones. I do think that they preach the gospel of the vendors they represent all too often and trusting their judgement has gotten our company into trouble in the past. This is not a criticism of you personally. It would be unfair of me to pass judgement on you without knowing you.
The one interesting difference I'm noticing is that you appear to conflate security and reliability. I do agree that having a supported hardware/software combination is an important component when it comes to reliability. In the case of how we choose to operate, we attempt to mitigate that risk by carefully testing updates and by having a robust failover and disaster recovery strategy. I respect why you would tell a client to buy new hardware to mitigate this risk. However, I'm more dubious of the assumption that using a supported software/hardware combination is as paramount to security as it is to reliability. New hardware certainly introduces new security features that I may not have access to, but the savings associated with pursuing this route means we have capital to invest in other security software/projects/consultants. Dollar for dollar, I think we get more out of those investments than we do if we were to spend that money on new servers. I know this might not be the case for everyone.
I imagine it is tough being a consultant in this case. I can make that choice for my company because I understand the environment well enough to do it with confidence. As a consultant, you have to put a lot of faith in your clients and have to make choices based on the fact that they are probably only going to call when something goes wrong. I don't envy the position I imagine you often find yourself in when this happens.
I still disagree with your hard line on, "it's not a supported configuration, therefore, it's your fault." But because of this conversation I do at least respect your opinion. I'm ashamed to admit that I was so jaded by this situation that I did not before.
Have a wonderful day.