Event details

It's time for our second Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...
Heather_Poulsen
Updated Feb 19, 2026
AMA
sysadmin315's avatar
sysadmin315
Copper Contributor
Mar 02, 2026

On various virtual 2019 servers the certificate update is stuck in "InProgress" even after several reboots and starting the scheduled task.  The host updated just fine.

Confirm-SecureBootUEFI returns "True"

Registry key "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" "AvailableUpdates’" set to 0x5944.

Schedule task "\Microsoft\Windows\PI\Secure-Boot-Update" initiated

And the computer rebooted

Arden_White's avatar
Arden_White
Icon for Microsoft rankMicrosoft
Mar 02, 2026

Some things to look at:

  • Check the registry keys UEFICA2023Status, UEFICA2023Error, and UEFICA2023ErrorEvent
  • Look for events in the System log with event source TPM-WMI.
  • Ensure that the Secure-Boot-Update exists and that it has active triggers (on startup and ever 12 hours)