Event details
I´m still getting Event Error 1795 in TPM-WMI on Hyper-V Gen2 VMs with Inplace Update History. The system firmware returned an "Access denied" error when attempting to update a Secure Boot variable KEK 2023. The signature information for this device is listed here. DeviceAttributes: FirmwareManufacturer:Microsoft Corporation;FirmwareVersion:Hyper-V UEFI Release v4.1;OEMModelNumber:Virtual Machine;OEMManufacturerName:Microsoft Corporation;OSArchitecture:amd64; BucketId: 4e22d051e8c143d2875b9d16ef2241c7ec548985a21e5073126d3c1f9bf53bb2 BucketConfidenceLevel: Under Observation - More Data Needed. For more information, see https://go.microsoft.com/fwlink/?linkid=2169931
I can Workaround the Problem with changing the Secureboot Template. Is this a supported solution for this Problem ? CoPilot tells me no, and says that i had to Recreate the VM.
What consequences might this workaround have for the future?
If your VM has a TPM (or had one in the past) the UI will not allow you to change the Secure Boot template. If you force it to change in another way, it will render your VM unbootable (in the same way that your VM becomse unbootable if you mess with the TPM in another way). Therefore, you'll need to recreate the VM in case it has/had a TPM.
If your VM has no TPM (and never had one in the past), you can change the Secure Boot template twice to get the new certificates.
In other words, if the workaround works for your machine and it is still bootable afterwards, you should not expect any negative consequences later. The only negative consequence of the workaround can be that your VM is unbootable right after performing it, and you need to recreate the VM at that point (and suffer downtime of that VM until you have done so).
