Forum Discussion
Windows Server 2022 - devices not booting when Secure Boot enabled (KB5022842)
DavidYorkshireWe can blame Microsoft for a lot of things - they have a long, long history of botched updates. But in the specific case you describe, and only this one, they don't look like the culprit to me - you think otherwise. That's OK.
I hope Dell will provide you a fix for this. Maybe they'll get in touch with Microsoft, and those provide a hotfix in the end, proving me wrong. I'll gladly be ok with that.
I assume those servers were production servers - this one is my mistake.
AlexR91Looks like "RSE" triggered some very strong feelings within you - that wasn't my intention.
Risk management helps everyone - IT staff, IT managers, C-Staff, the company itself. Matching editors/OEM specs is also a way to protect yourself (the IT guy), which was I wanted to say. When disaster strikes, people may look for scapegoats.
I will post a last reply because there isn't much purpose to continue in this thread - you may send me a PM if you wish.
You seem very serious about reducing costs for the company you work for, no matter what. You got two metrics : costs and unscheduled downtimes. IT security isn't one.
You seem convinced that because you have been doing this successfully for years, it's the right way to do it, and to continue to do it.
You seem to think OEM, editors and IT consultants have no ethics whatsoever, and are only here to rob you of your money.
Those are some very strong beliefs. You looks like an IT superhero (or, dare I say, an IT god) to me.
I'm not that strong. I'm just a simple IT consultant. I doubt. And thus, try to encourage my customers to minimize their technical debt, improve their IT security, reduce their TCO, stay close to preferred architecture, implement Best Practices, and so on. Recommending them to put their production workloads on supported stuff is part of that, even if it costs me money (that's often mean I can't sell them the latest hardware/software shiny, and end up telling them to keep their existing stuff (despite being a profit entity)).
And if everything fails in the end, they can rely on some kind of support - the very last seatbelt they can rely on. Even if I fail (and I always assume I will fail), they are not without help or solutions. Working with companies who lost everything after a disaster teach me that.
You, on the other hand, never fail nor doubt, which is why our experience differ so much.
Alban1998 I read your comment on "RGE" as "sounds like whatever you're doing should get you fired". I apologize for my response if that wasn't your intention. I find it difficult to read your remark any other way. I also realize that it may have been rather hypocritical for me to call you arrogant when my reply itself may have come off as arrogant. I apologize for that as well.
I don't think that all IT consultants lack morals or ethics (I do think this of Microsoft as a whole), I've dealt with some excellent consultants and some terrible ones. I do think that they preach the gospel of the vendors they represent all too often and trusting their judgement has gotten our company in to trouble in the past. This is not a criticism of you personally. It would be unfair of me to pass judgement on you without knowing you.
The one interesting difference I'm noticing is that you appear to conflate security and reliability. I do agree that having a supported hardware/software combination is an important component when it comes to reliability. In the case of how we choose to operate, we attempt to mitigate that risk by carefully testing updates and by having a robust failover and disaster recovery strategy. I respect why you would tell a client to buy new hardware to mitigate this risk. However, I'm more dubious of the assumption that using a supported software/hardware combination is as paramount to security as it is to reliability. New hardware certainly introduces new security features that I may not have access to, but the savings associated with pursuing this route means we have capital to invest in other security software/projects/consultants. Dollar for dollar, I think we get more out of those investments than we do if we were to spend that money on new servers. I know this might not be the case for everyone.
I imagine it is tough being a consultant in this case. I can make that choice for my company because I understand the environment well enough to do it with confidence. As a consultant, you have to put a lot of faith in your clients and have to make choices based on the fact that they are probably only going to call when something goes wrong. I don't envy the position I imagine you often find yourself in when this happens.
I still disagree with your hard line on, "its not a supported configuration, therefore, its your fault." But because of this conversation I do at least respect your opinion. I'm ashamed to admit that I was so jaded by this situation that I did not before.
Have a wonderful day.