Forum Discussion
Secure Boot update still pending on deadline day
After checking the registry keys on 2x VMs which run services for a number of important customers I found they both have:
UEFICA2023Error 2147942750
Apparently this means they're pending a reboot.
https://blog.mindcore.dk/2026/04/secure-boot-certificate-update-intune/
I can't reboot the VM inside working hours, can they be rebooted after the deadline or do I need to disable Secure Boot on the VMs?
I'm concerned I'll have to disable Secure Boot before they're next rebooted for Windows updates.
1 Reply
Hi, I would avoid disabling Secure Boot unless you have a very specific rollback plan. For servers, I’d first confirm the relevant cumulative update, servicing stack, and firmware updates are installed, then check the Secure Boot and Code Integrity related events after reboot. If this is about a Secure Boot DB or DBX update, firmware behavior can vary by hardware vendor, so checking the vendor’s guidance matters too. I’d test the update on one noncritical server of the same model before touching the wider group. If the update still shows pending after a clean reboot cycle, I’d open a Microsoft support case rather than weakening boot security across production servers.