Microsoft fixed a known issue causing blue screens and boot failures in Windows Server 2022 virtual machines (VMs) deployed on VMware ESXi hosts.
Windows admins first reported experiencing VM start issues [1, 2, 3, 4, 5] after deploying last month’s KB5031364 cumulative update.
The company confirmed the issue days later, saying it only affects guest VMs on VMware ESXi hosts with an AMD Epyc physical processor, the “Expose IOMMU to guest OS” VMware option toggled on, and Virtualization Based Security and System Guard Secure Launch enabled in Windows Server 2022.
As Microsoft revealed during this month’s Patch Tuesday, the root cause has now been addressed with the release of the KB5032198 Windows Server 2022 cumulative update.
“This update addresses a known issue that affects virtual machines (VMs) that run on VMware ESXi hosts,” Redmond said.
“Windows Server 2022 might fail to start up. The affected VMs will receive an error with a blue screen and a stop code: PNP DETECTED FATAL ERROR.”
Temporary workarounds also available
Windows administrators unable to immediately install the November 2023 Patch Tuesday updates also have temporary solutions to circumvent this known issue.
One approach involves toggling off “Expose IOMMU to guest OS” in the affected virtual machines’ settings. However, this workaround may be viable for only a limited set of systems, as some environments require this option to be enabled by default.
Alternatively, as a last resort, uninstalling the problematic KB5031364 update can address the VM boot problems, but with a significant downside: it also removes all security patches deployed with the update.
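The following PowerShell function is an added example, not code from Microsoft or VMware: run inside a guest, it tests the conditions Microsoft listed for this issue and reports whether either update is present. The function name and the `-IommuExposedToGuest` parameter are hypothetical; the IOMMU toggle is a VM-side setting, so the caller passes in its state after checking the VM's settings.

```powershell
# Added example: triage a guest against the conditions Microsoft listed for the
# KB5031364 boot failure. Run inside the guest, ideally before patching.
function Test-Kb5031364Exposure {
    param(
        # Assumption: "Expose IOMMU to guest OS" is set on the VMware side, so
        # the caller supplies its state after checking the VM's settings.
        [Parameter(Mandatory)][bool]$IommuExposedToGuest
    )

    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $dg  = Get-CimInstance -ClassName Win32_DeviceGuard `
               -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running.
    $vbsOn = $dg -and $dg.VirtualizationBasedSecurityStatus -ge 1
    # Security service ID 3 = System Guard Secure Launch.
    $secureLaunch = $dg -and (
        $dg.SecurityServicesConfigured -contains 3 -or
        $dg.SecurityServicesRunning -contains 3)

    $installed  = (Get-HotFix -ErrorAction SilentlyContinue).HotFixID
    $conditions = [ordered]@{
        WindowsServer2022 = $os.Caption -like '*Server 2022*'
        VMwareGuest       = $cs.Manufacturer -like 'VMware*'
        AmdEpycHost       = $cpu.Name -like '*EPYC*'
        IommuExposed      = $IommuExposedToGuest
        VbsEnabled        = [bool]$vbsOn
        SecureLaunch      = [bool]$secureLaunch
    }
    $matchesAll = -not ($conditions.Values -contains $false)

    [pscustomobject]@{
        Conditions        = [pscustomobject]$conditions
        MatchesAllFactors = $matchesAll
        HasKB5031364      = $installed -contains 'KB5031364'
        # A later cumulative update supersedes KB5032198, so $false here is
        # not proof that the fix is missing.
        HasKB5032198      = $installed -contains 'KB5032198'
        Advice = if (-not $matchesAll) { 'Not in the affected configuration' }
                 elseif ($installed -contains 'KB5032198') { 'Fix installed' }
                 else { 'Affected configuration: confirm KB5032198 or a later cumulative update is installed' }
    }
}

Test-Kb5031364Exposure -IommuExposedToGuest $true | Format-List
```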
In January and December 2022, Microsoft released out-of-band Windows Server updates to resolve issues blocking Hyper-V VMs from booting and causing problems when creating new VMs on specific hosts.
Earlier this year, Microsoft acknowledged a similar issue impacting VMware ESXi VMs with Secure Boot enabled after the installation of February 2023 cumulative updates.
Subsequently, VMware promptly released emergency updates for vSphere ESXi to address the underlying cause behind the VMs’ inability to locate a bootable operating system.