Windows Server 2022 Event ID 1801 on VMware VM

David Smith 0 Reputation points
2026-03-06T18:46:00.9266667+00:00

Hi,

I am seeing event ID 1801:

Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here.

on our Windows 2022 servers that is related to the Windows UEFI CA 2023 update. I worked with VMware tech support and at this point they have referred me to Microsoft tech support to continue troubleshooting. Has anyone had luck resolving event ID 1801 in VMware environments?

Thanks

Windows for business | Windows Server | Devices and deployment | System management components

2 answers

  1. Domic Vo 19,350 Reputation points Independent Advisor
    2026-03-08T08:12:03.8133333+00:00

    Good morning,

    I hope you are doing well.

    Have you found the answer useful? If everything is okay, don't forget to share your experience with the issue by accepting the answer. Should you need more information, feel free to leave a message. Happy to help! :)

    Domic Vo.


  2. Domic Vo 19,350 Reputation points Independent Advisor
    2026-03-06T19:21:33.7733333+00:00

    Hello,

    The event ID 1801 you are seeing on your Windows Server 2022 systems is directly related to Windows for Business, since it involves Secure Boot certificate updates in enterprise server environments. It is not related to Windows 365 Enterprise, which is a cloud desktop service.

    Event 1801 indicates that updated Secure Boot certificates (specifically the Windows UEFI CA 2023 update) are available but have not yet been applied to the firmware. Microsoft introduced this update to revoke older, vulnerable bootloaders and maintain the integrity of Secure Boot. In VMware environments, the complication arises because the virtual firmware (VMware’s UEFI implementation) does not automatically consume or apply the updated Secure Boot certificates the same way physical hardware does. As a result, Windows detects the pending update but cannot finalize it, leaving the event recurring.

    The official Microsoft guidance is that the Secure Boot DB/KEK updates must be applied at the firmware level. On physical servers, this happens through BIOS/UEFI updates from the OEM. In VMware, the hypervisor’s virtual UEFI firmware must be updated to a build that incorporates the new Secure Boot certificate database. If VMware has not yet released a patch or updated firmware package that integrates the 2023 UEFI CA update, the event will persist. That is why VMware support redirected you to Microsoft: the OS is correctly reporting the condition, but the underlying fix depends on VMware’s virtual firmware support.

    At this point, there is no registry or GPO workaround to suppress or resolve event 1801. The only supported resolution is for VMware to release updated virtual firmware that incorporates the Secure Boot certificate update. Until then, the event can be safely ignored if your environment does not rely on Secure Boot enforcement inside the VM, but it cannot be cleared permanently.

    I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

    Domic Vo.

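A read-only status check to go with the thread above, added here as an example and not written by either poster: it reports whether the guest's Secure Boot `db` variable already contains the Windows UEFI CA 2023 certificate and how often event 1801 has been logged. The function names are hypothetical, and the System log as the location of event 1801 is an assumption.

```powershell
# Added example: read-only status check. Run in an elevated PowerShell session inside the guest.

function Test-SecureBootDbForCert {
    param([string]$Subject = 'Windows UEFI CA 2023')
    try {
        $db = Get-SecureBootUEFI -Name db -ErrorAction Stop
    } catch {
        return $null   # legacy-BIOS guest, or the variable could not be read
    }
    # db is a binary EFI signature list; the certificate subject appears in it
    # as plain text, so a string search is enough for a presence check.
    $text = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
    return $text -match [regex]::Escape($Subject)
}

function Get-SecureBootCertStatus {
    try   { $enabled = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $enabled = $null }

    # Assumption: event 1801 is written to the System log. The message filter
    # (wording taken from the event text quoted in the question) keeps
    # unrelated events that share the ID out of the count.
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1801 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*Secure Boot certificates*' })

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        SecureBootEnabled = $enabled
        DbHas2023Ca       = Test-SecureBootDbForCert
        Event1801Count    = $events.Count
        LastEvent1801     = ($events | Select-Object -First 1).TimeCreated   # newest first
    }
}

Get-SecureBootCertStatus | Format-List
```

`DbHas2023Ca` reading `False` alongside a non-zero `Event1801Count` corresponds to the condition the event text describes: the certificates are available but not yet applied to the firmware.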
