Hi Remco,
There was a known issue in Hyper‑V where Secure Boot certificate updates could fail with Event ID 1795 when attempting to update KEK.
This issue was resolved in Windows updates released on or after March 10, 2026, and is documented here:
Known issues and resolutions for Secure Boot certificates updates
In virtualized environments such as Hyper‑V Gen2 VMs and Azure VMs, Secure Boot variables are maintained by virtual firmware provided by the host platform. As a result, successful KEK enrollment depends on both:
- guest OS support for authenticated updates, and
- host platform support for accepting those updates
Until both components are updated, Secure Boot KEK enrollment may fail, and Event 1795 may continue to be logged.
Arden
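
A guest-side check for the two conditions described in the reply above, added here as an example; it is not part of the original thread and is not Microsoft's own tooling. It assumes an elevated PowerShell session inside the Gen2 or Azure VM and that the KEK being enrolled is the one named `Microsoft Corporation KEK 2K CA 2023`; the `$kekName` and `$fixDate` variables are names chosen for this example.

```powershell
# Added example: guest-side triage for KEK enrollment failures (Event ID 1795).
# Assumption: the new KEK is identified by this subject string.
$kekName = 'Microsoft Corporation KEK 2K CA 2023'
# From the thread: the fix shipped in updates released on or after this date.
$fixDate = [datetime]'2026-03-10'

# 1. Secure Boot state as reported by the (virtual) firmware.
$secureBoot = try { Confirm-SecureBootUEFI } catch { $false }

# 2. Is the new KEK already present in the firmware variable?
$kekPresent = $false
try {
    $kek = Get-SecureBootUEFI -Name KEK
    $text = [Text.Encoding]::ASCII.GetString($kek.Bytes)
    $kekPresent = $text -match [regex]::Escape($kekName)
} catch {
    Write-Warning "Could not read the KEK variable: $_"
}

# 3. Most recent installed update, to compare against the fix date.
$lastFix = Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

# 4. Event 1795 entries in the System log, split by whether they were
#    logged after the most recent update was installed.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1795 } `
    -ErrorAction SilentlyContinue)
$afterPatch = @($events | Where-Object {
    $lastFix -and $_.TimeCreated -gt $lastFix.InstalledOn
})

[pscustomobject]@{
    SecureBootEnabled   = $secureBoot
    NewKekEnrolled      = $kekPresent
    LastUpdateInstalled = $lastFix.InstalledOn
    GuestHasFixUpdate   = ($lastFix.InstalledOn -ge $fixDate)
    Event1795Total      = $events.Count
    Event1795AfterPatch = $afterPatch.Count
    EventProviders      = ($events.ProviderName | Sort-Object -Unique) -join ', '
    LatestEvent1795     = ($events | Select-Object -First 1).TimeCreated
}
```

If `GuestHasFixUpdate` is true, `NewKekEnrolled` is false and `Event1795AfterPatch` keeps growing, the guest-side condition from the reply is met and the remaining dependency is the host platform accepting the update. Check `EventProviders` to confirm the 1795 entries come from the Secure Boot update source and not an unrelated provider using the same ID.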
Hi Arden,
Thanks for the answer and the explanation. But what I'm really asking is... is there any information/timeline to verify when the host servers in Azure are fully updated? It's out of my control.
Now I constantly keep asking myself "Is the issue on my side or Microsoft's side?" I think I've done everything correctly on my side, but if there isn't a place or timeline on your side where there is a message "All hosts on Azure are updated and can roll out the KEK cert", then I'm still crossing my fingers and hoping everything works on time. Hope is not good guidance.
Where is the place that I can verify if the hosts in Azure are fully updated and can roll out Secure Boot updates successfully?
- DennisJorgensen, Apr 09, 2026, Copper Contributor
We have 1/3 of our Azure servers with the KEK problem, even after the March cumulative update. So we created a support case, and the response was that this is a known issue and a patch will be released in April. I also addressed more visibility about this, but can't see any documentation about this yet.