🟑 Medium   ⏱ 5–30 min  Last verified: 29 May 2026
Affected versions: Windows Server 2022

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution β€” Primary Fix
  7. Solution β€” Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Generation 2 VM deployment fails on Windows Server 2022, delaying service onboarding and test environment delivery.

Environment & Reproduction

Occurs when VM firmware settings use an incompatible secure boot template for the guest OS image.

New-VM -Name TestGen2 -Generation 2 -MemoryStartupBytes 2GB
Set-VMFirmware -VMName TestGen2 -EnableSecureBoot On

Root Cause Analysis

Guest boot chain validation fails because the secure boot template does not match the installed OS distribution.

Quick Triage

Inspect firmware configuration and boot diagnostics.

Get-VMFirmware -VMName TestGen2 | Format-List
Get-WinEvent -LogName Microsoft-Windows-Hyper-V-VMMS-Admin -MaxEvents 20

Step-by-Step Diagnosis

Validate secure boot template and attached installation media.

Get-VMHardDiskDrive -VMName TestGen2
Get-VMDvdDrive -VMName TestGen2
Illustrative mockup for windows-server-2022 β€” terminal_or_powershell
Diagnostic output for Gen2 VM provisioning β€” Illustrative mockup β€” Progressive Robot

Solution β€” Primary Fix

Set the correct secure boot template or disable secure boot for unsupported media.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Set-VMFirmware -VMName TestGen2 -SecureBootTemplate MicrosoftWindows
# or
Set-VMFirmware -VMName TestGen2 -EnableSecureBoot Off
Illustrative mockup for windows-server-2022 β€” event_or_log_viewer
Resolution for secure boot template mismatch β€” Illustrative mockup β€” Progressive Robot

Solution β€” Alternative Approaches

Recreate VM with validated template defaults and fresh VHDX.

Remove-VM TestGen2 -Force
New-VM -Name TestGen2 -Generation 2 -NewVHDPath D:VMTestGen2.vhdx -NewVHDSizeBytes 64GB

Verification & Acceptance Criteria

VM boots installer successfully and no firmware errors are logged.

Start-VM TestGen2
Get-VM TestGen2 | Select State,Status

Rollback Plan

Revert firmware changes and restore VM export baseline if required.

Set-VMFirmware -VMName TestGen2 -EnableSecureBoot On

Prevention & Hardening

Maintain approved templates for guest OS families and enforce provisioning standards.

Get-VMFirmware -VMName * | Select VMName,SecureBoot,SecureBootTemplate

Related: PXE boot loops, virtual TPM policy errors, and shielded VM provisioning constraints.

Related tutorial: View the step-by-step tutorial for Windows Server 2022.

View all Windows Server 2022 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Microsoft Learn guidance for Gen2 VMs, secure boot templates, and Hyper-V firmware configuration.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.