Hello.

I have this scenario with a Cisco UCS physical server with Windows 2022 that has UEFI BIOS enabled and Secure Boot enabled. Today, after forcing the CA2023 certificate update using these two instructions (attached below), and restarting the server, I see that we have event ID 1799 indicating that the boot manager successfully signed with the UEFI CA2023. However, there is no event ID 1808 indicating that the entire process completed. Is it strictly necessary to have this confirmation event ID 1808, or is it unnecessary in this case? We do see event ID 1803, which indicates that we don't have KEK2023 present, and indeed we don't have this KEK certificate, we do have the KEK2011 present in this server.

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x5944 /f

Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"