Event details
What manual actions are required on Windows Server operating systems (2012 through 2022) for Secure Boot certificate renewal?
I am using SCCM/Microsoft Endpoint Manager to deploy OS updates to these servers. Some documentation indicates that no manual intervention is required and that the certificates should renew automatically. However, in our environment, the Secure Boot certificates have not been renewed yet.
so looking for the clear instructions.
HI Karl-WE
I am using SCCM to manage the patching and Sending Diagnostics data to Microsoft, but still Auto renewal not yet Completed, getting error code 1801 on mostly servers, looking for your answer on below:
- Firmware Update Prerequisite
What is the role of a firmware update prior to the certificate renewal? How can customers determine whether a firmware update is required, considering it is a time‑consuming activity for us? what are the event IDS we need to monitor for not compatible firmware. is any specific article for Azure Stack HCI Platform VMs? - Servers with Secure Boot State “Off” or “Unsupported”
Are any actions required on servers where the Secure Boot state is marked as Off or Unsupported? (Confirm-SecureBootUEFI) - Event IDs for Monitoring Renewal Status
As part of proactive monitoring, which event IDs should we track to confirm the successful completion of the certificate renewal process? - Rollback Plan
If any issues occur with the server or its applications after the Secure Boot certificate renewal, what rollback plan or procedure is available to revert to the previous certificates? - Microsoft Enforcement Timeline
By when will Microsoft enforce Secure Boot certificate renewal through cumulative updates in the case of automatic renewal?