Event details
This AMA maybe is more for physical servers, but will ask here (or repost on Office Hours for VMs later).
I am testing possible approach for our VM environment (VMware 8.0.3 U3b, not U3j yet). My test VM has Windows Server 2025. I have done certificates update via registry by setting AvailableUpdates accordingly. Was getting event that it cannot update firmware as VM was in legacy mode. Updated its compatibility to the latest and reran the registry update. Now i am getting 0x4000 in the registry and last event is 1808. Below is also output from Microsoft provided script.
From what i have found so far it looks like this VM is good now. But i was trying to make sure it is using updated boot loader and AI told me to extract signature from bootmgfw.efi
Which still shows 2011. But i am not sure if i am checking this correctly. Or whether i even need to do anything further. Maybe it will just switch bootloader later this year after an update?
And what if i want to test whether it actually boots with new bootloader? Can i try to force the switch now?
Latest Event ID: 1808
Bucket ID: 876074c56d618f213d6e7230dfafd7cc7a93768dca81faf7b262ccc23912b818
Confidence: High Confidence
Event 1801 Count: 1
Event 1808 Count: 9
Update complete (Event 1808 or Status=Updated) - skipping error analysis
OS Version: 10.0.26100
Last Boot Time: 06/11/2026 16:43:36
Baseboard Manufacturer: Intel Corporation
Baseboard Product: 440BX Desktop Reference Platform
SecureBoot Update Task: Ready (Enabled: True)
WinCS Key F33E0C8E002: Applied
=== Certificate Update Summary ===
[1P] Windows UEFI CA 2023 (db): Updated
[1P] Microsoft Corporation KEK 2K CA 2023 (KEK): Updated
[3P] Microsoft Corporation UEFI CA 2011 (db): Present - 3P 2023 certs required
[3P] Microsoft UEFI CA 2023 (db): Updated
[3P] Microsoft Option ROM UEFI CA 2023 (db): Updated
===================================
If you're getting event 1808 on a device, then the certificates AND the boot manager have been updated.
Determining the signature on the boot manager is tricky since you're looking for the intermediate certificate (the CA) in certificate chain of the signer.