We can confirm that Server 2019 VMs are crashing after installing KB5030214.
We are running
- Hypervisor:VMware ESXi, 7.0.3, 20036589
- Model:ProLiant DL385 Gen10 Plus
- Processor Type:AMD EPYC 7402 24-Core Processor
Our VMs are using SCSI Controller " VMware Paravirtual".
As soon as we are running into the hanging Windows Logo screen, we are able to revert the MS update with these steps:
- Turn off VM
- Change SCSI Controller from "VMware Paravirtual" to "LSI Logic SAS"
- Deactivate VBS, I/O MMU and secure boot on VM virtual layer
- Boot into CMD (Windows Recovery environment)
- Sign in with local Administrator
- Mkdir C:\scratch
- dism /english /image:C:\ /Get-Packages /Format:Table
- dism /image:C:\ /scratchdir:C:\scratch /cleanup-image /revertpendingactions
- Power off VM
- Change SCSI Controller from "LSI Logic SAS" to " VMware Paravirtual"
- Activate VBS, I/O MMU and secure boot on VM virtual layer
- PowerOn VM
- VM is boot and screen appears "We couldn't complete the updates. Undoing changes. Don't turn off your computer"
- VM is running again
As soon as the VM is booting in OS again without installed KB5030214 we have performed this:
Deactivated VBS, I/O MMU and secure boot on VM layer, deactivating VBS via GPO. Deleted the Credential Guard EFI variables by using bcdedit like Microsoft has described it here: Disable Credential Guard with UEFI lock
We did set this regkey additionally:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard]
"ConfigureSystemGuardLaunch"=dword:00000000
After installing KB5030214, we are still facing the same result: "VM is hanging in Windows Logo screen".
Why did you migrate the VMs from AMD to Intel Host? Was it because you needed the get Windows Recovery environment. In our case we have got it, like though changing the SCSI Controller like desrcibed above.
After you have re-enable VBS and set Secure Launch Configuration to "Not configured", where you able to patch the VM with KB5030214 successfully?