The point is that Microsoft broke it with the last Patch Tuesday update - it worked fine up until that point. It's quite normal to run server OSs on older hardware on which it's technically not supported, and it rarely gives any issues at all. And indeed the same applied with client versions up until W11.

And just to note - the servers I have tested it on only don't support it in the sense that Dell don't support running Server 2022 on them - they do meet the Microsoft requirements for Server 2022 as set out here: https://learn.microsoft.com/en-us/windows-server/get-started/hardware-requirements.

@Alban1998 It is absolutely normal to run more recent OSes on older hardware in a combination that is technically not supported by the hardware vendor. The only parties arguing against this are those who financially benefit from customers constantly having to upgrade their hardware. Many companies cannot afford to spend tens of thousands of dollars on brand new hardware because a consultant or vendor tells them that its too risky not to. Most companies can't afford to drink that Kool-Aid. There are effective ways to mitigate the risk associated with unsupported hardware/software combinations (failover clusters come to mind), but these mitigations don't enrich Microsoft and its hardware partners the same way trying to force people to constantly upgrade their hardware does.

"otherwise, Microsoft would have provided a fix". This implies Microsoft actually tests their updates or cares about their customers. They care about making money and will fix issues that cost them money. This is a pretty recent issue, so it is yet to be determined if Microsoft will fix it or not. I'm still hopeful they will, but I don't think it will be out of the kindness of their heart.

We experienced this issue on a Dell PowerEdge R730XD and a R430. In the case of the R730XD, this was a clean install of Windows Server 2022. After several clean installs, we were able to narrow down the issue to this particular update. We went so far as to back up the Secure Boot database, perform the update that breaks secure boot, and restore the database to what it was before that and Secure Boot still didn't work. The only thing that changed was Microsoft's update. They can blame whoever they want for this issue, but it happened as a result of their update.

Thankfully, virtualization based security (including HVCI and Credential Guard) work just fine without Secure Boot. This is despite Microsoft's claim that these feature require Secure Boot to function.

@Alban1998 I do agree this is getting a little off topic. I also apologize if anything I say comes off as personally disrespectful to you. My intention is not to criticize you in a way that is unfair or uninvited.

"Well if your customers are fine with losing money because of unsupported stuff, I guess that's OK." My "customer" is the company I work for, which experienced zero downtime as a result of this issue. No downtime means no money lost. If someone is losing money over unsupported hardware, that is a failure of the people and processes that set it up, not the hardware/software combination itself.

Buying used servers costs about a tenth of what buying new servers costs, who says anyone is losing money? You know who would love for people to believe this is true? Microsoft and its hardware partners. You know who it doesn't benefit? The companies whose IT staff are naïve enough to believe this and end up paying for new servers they should have never bought in the first place. Needlessly wasting your company's money to replace servers because Microsoft says you should, now that sounds like a "resume generating event"

"Defeats the purpose of minimizing costs in the first place tough. Which itself contradicts buying brand new WS2022 licenses and CAL, when you can continue using WS2019, and using physical hardware for servers when you can use VM instead, and so on." We have SA on all of our Microsoft licensing so we don't pay for upgrades. No additional costs related to CALs here. All of these servers are HyperV hosts. It's unclear to me why you thought otherwise. Needlessly wasting your company's money to buy license upgrades that should have been covered under SA, now that sounds like a "resume generating event".

"And the next post kinda prove [sic] my point": The only thing this proves is that Dell is hearing from their customers and is discussing if or how they will resolve the issue. This doesn't imply its Dell's issue to solve. Not understanding the typical behavior of (what is likely) one of your largest vendors and making bad assumptions as a result of that naïveté, now that sounds like a "resume generating event".

"Or if you are really unable to cope with regular on-premise hardware upgrade, go Azure/AWS/Google." Hosting the same workloads we host on-premise today in Azure would be far more expensive than hosting them the way we do. It would also be more expensive than buying new hardware. The only time it might make financial sense to host in Azure is if you have a highly variable workload that benefits from the scalability of Azure. Many companies are moving from Azure/AWS/Google back in to their own data centers specifically because the promised cost savings simply don't exist. Do you think a company like Microsoft would be pushing so hard to get people in to Azure if it wasn't financially beneficial to them? Needlessly wasting your company's money putting workloads in expensive public clouds, now that sounds like a "resume generating event".

"As for disabling Secure Boot to bypass your issue, and claiming VBS/CG are fine without it...yeah, good luck with that." This is working without issue on every server this has effected. Luck is not needed here.

The servers I manage have had nearly zero unscheduled downtime over the past decade. Because of the way we manage hardware lifecycles ("unsupported stuff"), I have saved my company tens (if not hundreds) of thousands of dollars over that time period.

I wasn't aware that "Resume Generating Event" was an acronym before you brought it up in your post. You know why that might be? Because its not something I've ever had to worry about.

There's an important lesson here that you seem to not understand: Microsoft, Dell, and IT consultants are for profit entities that operate in their own financial best interest. Everything they do (including the guidance they provide) is in service of that goal.

Be careful not to let your arrogance prevent you from understanding the implications of this lesson. That could end up being a "Resume Generating Event" for you.

@DavidYorkshire Its good to know that Dell is aware of this issue and at least discussing possibly resolving it. I'll reach out to our Dell rep and make them aware of how important this is to us.

"I've just retired an R710 which was nearly 12 years old and was still working OK (running Hyper-V Server 2016 as a host for some undemanding test machines)" What an interesting coincidence! In November, we retired our fleet of R710s also running Hyper-V 2016 for about 10 years and replaced them with R730s. The servers were working great even when we replaced them. We ended up replacing them because of the licensing benefits of running our cluster in a more dense configuration. We also continue to run a Dell PowerVault MD3200 in production whose storage controllers were manufactured in 2002. The quality of enterprise class hardware really is astonishing.

@DavidYorkshireWe can blame Microsoft for a lot of things - they have a long, long history of botched updates. But in the specific case you describe, and only this one, they don't look like the culprit to me - you think otherwise. That's OK.
I hope Dell will provide you a fix for this. Maybe they'll get in touch with Microsoft, and those provide a hotfix in the end, proving me wrong. I'll gladly be ok with that.
I assume those servers were production servers - this one is my mistake.

@Alex RourkeLooks like "RSE" triggered some very strong feelings within you - that wasn't my intention.
Risk management helps everyone - IT staff, IT managers, C-Staff, the company itself. Matching editors/OEM specs is also a way to protect yourself (the IT guy), which was I wanted to say. When disaster strikes, people may look for scapegoats.

I will post a last reply because there isn't much purpose to continue in this thread - you may send me a PM if you wish.
You seem very serious about reducing costs for the company you work for, no matter what. You got two metrics : costs and unscheduled downtimes. IT security isn't one.
You seem convinced that because you have been doing this successfully for years, it's the right way to do it, and to continue to do it.
You seem to think OEM, editors and IT consultants have no ethics whatsoever, and are only here to rob you of your money.
Those are some very strong beliefs. You looks like an IT superhero (or, dare I say, an IT god) to me.

I'm not that strong. I'm just a simple IT consultant. I doubt. And thus, try to encourage my customers to minimize their technical debt, improve their IT security, reduce their TCO, stay close to preferred architecture, implement Best Practices, and so on. Recommending them to put their production workloads on supported stuff is part of that, even if it costs me money (that's often mean I can't sell them the latest hardware/software shiny, and end up telling them to keep their existing stuff (despite being a profit entity)).
And if everything fails in the end, they can rely on some kind of support - the very last seatbelt they can rely on. Even if I fail (and I always assume I will fail), they are not without help or solutions. Working with companies who lost everything after a disaster teach me that.

You, on the other hand, never fail nor doubt, which is why our experience differ so much.

@Alban1998 I read your comment on "RGE" as "sounds like whatever you're doing should get you fired". I apologize for my response if that wasn't your intention. I find it difficult to read your remark any other way. I also realize that it may have been rather hypocritical for me to call you arrogant when my reply itself may have come off as arrogant. I apologize for that as well.

I don't think that all IT consultants lack morals or ethics (I do think this of Microsoft as a whole), I've dealt with some excellent consultants and some terrible ones. I do think that they preach the gospel of the vendors they represent all too often and trusting their judgement has gotten our company in to trouble in the past. This is not a criticism of you personally. It would be unfair of me to pass judgement on you without knowing you.

The one interesting difference I'm noticing is that you appear to conflate security and reliability. I do agree that having a supported hardware/software combination is an important component when it comes to reliability. In the case of how we choose to operate, we attempt to mitigate that risk by carefully testing updates and by having a robust failover and disaster recovery strategy. I respect why you would tell a client to buy new hardware to mitigate this risk. However, I'm more dubious of the assumption that using a supported software/hardware combination is as paramount to security as it is to reliability. New hardware certainly introduces new security features that I may not have access to, but the savings associated with pursuing this route means we have capital to invest in other security software/projects/consultants. Dollar for dollar, I think we get more out of those investments than we do if we were to spend that money on new servers. I know this might not be the case for everyone.

I imagine it is tough being a consultant in this case. I can make that choice for my company because I understand the environment well enough to do it with confidence. As a consultant, you have to put a lot of faith in your clients and have to make choices based on the fact that they are probably only going to call when something goes wrong. I don't envy the position I imagine you often find yourself in when this happens.

I still disagree with your hard line on, "its not a supported configuration, therefore, its your fault." But because of this conversation I do at least respect your opinion. I'm ashamed to admit that I was so jaded by this situation that I did not before.

Have a wonderful day.

We just installed a TPM on an r530 running win2022 and while we were at it we enabled secure boot.  But it won't boot throwing error uefi0073.  I assume this has to do with the feb CU which was also just installed.  What timing lol.  Will disable secure boot for now and follow for updates.

@Kenji McXntosh 

Update

Patch Tuesday today. I checked the Microsoft report on the issue (M365 console, Health, Windows Release Health, Server 2022). It appears that Microsoft is still claiming that this issue only affects VMs on VMware 7.x and below, and that as VMWare have patched it Microsoft doesn't need to do anything:

"Resolution: This issue is resolved in VMware ESXi 7.0 U3k, released on February 21st 2023 [link]. No update from Microsoft is needed for this issue."

However, I decided to actually check in case they had quietly resolved the issue. I have two affected PowerEdge servers - a T430 and an R730. I patched them both with the latest Windows updates, rebooted, then rebooted again and went into the BIOS settings and tried turning Secure Boot back on.

And they work again! Boot fine, with Secure Boot turned on. So it would appear that Microsoft has done something with today's update to fix the problem.

@DavidYorkshire  I concur. My B660 system with Hyper-V already loaded that failed to boot when KB5022842 was applied, now boots fine with that KB rolled back and KB5023705 loaded. In addition, my B760 system that would not boot if I attempted to install Hyper-V because KB5022842 had already been applied, booted fine once KB5023705 was applied and then Hyper-V installed.
For those that want to really geek-out. I compiled a short list of what I think are the relevant changes between the Feb and Mar CU:
"stornvme.sys","10.0.20348.1547","03-Feb-2023","02:17","233,504"
"stornvme.sys","10.0.20348.1607","08-Mar-2023","23:58","230,768"
"VmComputeAgent.exe","10.0.20348.1366","03-Feb-2023","13:53","1,492,352"
"VmComputeAgent.exe","10.0.20348.1607","09-Mar-2023","07:23","1,492,352"
"vmcompute.exe","10.0.20348.1547","03-Feb-2023","07:41","4,026,384"
"vmcompute.exe","10.0.20348.1607","09-Mar-2023","05:03","4,023,664"
"vmchipset.dll","10.0.20348.1547","03-Feb-2023","07:41","1,025,360"
"vmchipset.dll","10.0.20348.1607","09-Mar-2023","05:03","1,025,408"
"hvservice.sys","10.0.20348.1311","03-Feb-2023","13:53","136,536"
"hvservice.sys","10.0.20348.1607","09-Mar-2023","05:03","136,576"
"hvloader.dll","10.0.20348.1311","03-Feb-2023","13:53","148,832"
"hvloader.dll","10.0.20348.1607","09-Mar-2023","05:03","148,864"
"hvax64.exe","10.0.20348.1547","03-Feb-2023","07:42","1,630,232"
"hvax64.exe","10.0.20348.1607","09-Mar-2023","05:03","1,627,472"
"hvix64.exe","10.0.20348.1547","03-Feb-2023","07:42","1,732,624"
"hvix64.exe","10.0.20348.1607","09-Mar-2023","05:03","1,729,864"
"kdhvcom.dll","10.0.20348.1311","03-Feb-2023","13:53","58,704"
"kdhvcom.dll","10.0.20348.1607","09-Mar-2023","05:03","58,704"
"vmms.exe","10.0.20348.1547","03-Feb-2023","07:41","14,792,064"
"vmms.exe","10.0.20348.1607","09-Mar-2023","05:03","14,787,920"
Hope this helps. :)