Event details

It's time for our second Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Heather_Poulsen
Updated Feb 19, 2026
AMA
sysadmin315's avatar
sysadmin315
Copper Contributor
Mar 02, 2026

On various virtual 2019 servers the certificate update is stuck in "InProgress" even after several reboots and starting the scheduled task.  The host updated just fine.

Confirm-SecureBootUEFI returns "True"

Registry key "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" "AvailableUpdates’" set to 0x5944.

Schedule task "\Microsoft\Windows\PI\Secure-Boot-Update" initiated

And the computer rebooted

  • Arden_White's avatar
    Arden_White
    Icon for Microsoft rankMicrosoft
    Mar 02, 2026

    Some things to look at:

    • Check the registry keys UEFICA2023Status, UEFICA2023Error, and UEFICA2023ErrorEvent
    • Look for events in the System log with event source TPM-WMI.
    • Ensure that the Secure-Boot-Update exists and that it has active triggers (on startup and ever 12 hours)
    • sysadmin315's avatar
      sysadmin315
      Copper Contributor
      Mar 02, 2026

      Registry keys

      System log

      Task scheduler

       

      • Arden_White's avatar
        Arden_White
        Icon for Microsoft rankMicrosoft
        Mar 02, 2026

        Hi,

        it appears that the firmware returned an error (ERROR_WRITE_PROTECT) when a certificate update was attempted. Would you be willing to share the text of the event 1795? This event will include the error code, what operation was attempted, and some details about the device.

        Arden