Windows Server
Active Directory
- Group Policies
Windows Clients
- Windows 10
- Windows 8
- Windows 7
- MS Office
- Outlook
Virtualization
- VMWare
- Hyper-V
PowerShell
Exchange

Home
About

Windows Server
Active Directory
- Group Policies
Windows Clients
- Windows 10
- Windows 8
- Windows 7
- MS Office
- Outlook
Virtualization
- VMWare
- Hyper-V
PowerShell
Exchange

Windows OS Hub / Hyper-V / Hyper-V Boot Error: The Image’s Hash and Certificate Are not Allowed

March 4, 2020 CentOS Hyper-V Linux

Hyper-V Boot Error: The Image’s Hash and Certificate Are not Allowed

I came across an interesting issue when trying to install Linux CentOS on a virtual machine running on a Hyper-V server (the type of the virtual machine was “Generation 2” with UEFI support). I had downloaded CentOS 7 installation file (ISO), created a new gen2 type VM in Hyper-V, mounted the ISO file and tried to boot the VM from the installation ISO. However, when booting the VM, the following error message appeared in the Hyper-V console:

SCSI DVD (0,0). The image's hash and certificate are not allowed (DB).

No UEFI-compatible file system was found.

No operating system was loaded. Press a key to retry the boot sequence…

The problem is that Hyper-V by default is using UEFI with Secure Boot mode enabled for its Generation 2 virtual machines. Secure Boot prevents boot from an untrusted Linux bootloader in the ISO file (the Linux bootloader neither signed nor certified by Microsoft).

To start Linux installation, I had to disable Secure Boot in the virtual machine settings (Settings -> Security -> uncheck the option Enable Secure Boot).

Or you can leave Secure Boot enabled, but use Microsoft UEFI Certificate Authority template instead of Microsoft Windows. According to Microsoft information, this template allows you to run Linux distros in the Secure Boot compatibility mode.

Restart your VM and try to boot it again from the CentOS installation ISO image or another Linux distribution (I managed to run CentOS 8 and Ubuntu 19.04 installation using this method).

In the same way, you can manage Secure Boot and templates setting of VM using PowerShell. Here is how you can get the current VM firmware settings:

Get-VMFirmware -VMName "centos7"

To disable Secure Boot mode for your VM:

Set-VMFirmware -VMName "centos7" -EnableSecureBoot Off

In order to change the bootloader certificate validation template to the one compatible with most Linux distros:

Set-VMFirmware -VMName "centos7" -EnableSecureBoot On -SecureBootTemplate "MicrosoftUEFICertificateAuthority"

1 comment

1

1 comment

Vidula May 26, 2020 - 6:22 am

Thank you for providing an actual solution instead of just disabling it.

Reply

Leave a Comment Cancel Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Current ye@r *

Leave this field empty

Recent Posts

How to Restore Active Directory from a Backup?
July 9, 2020
Unable to Access SYSVOL and NETLOGON folders from Windows 10
July 7, 2020
Licensing Mode for Remote Desktop Session Host is not Configured
June 12, 2020
Native SSH Port Forwarding (Tunneling) on Windows 10
June 11, 2020
How to Clear RDP Connections History in Windows?
June 9, 2020
Connecting Windows via SSH Using Built-in OpenSSH Server
June 5, 2020
MBR2GPT: Converting MBR to GPT Disk in Windows 10
June 4, 2020
Windows Boot Error: An Operating System Wasn’t Found
June 3, 2020
How to Create a UEFI Bootable USB Drive to Install Windows 10 or 7?
June 2, 2020
How to Backup Active Directory Domain Controller?
June 1, 2020

Using iPerf to Test Network Speed and Bandwidth (Throughput)
How to Configure MariaDB Master-Master/Slave Replication?
How to Install & Configure Repositories in CentOS/RHEL?
KVM: How to Expand or Shrink a Virtual Machine Disk Size?
How to Manage Services & Scripts Startup on CentOS/RHEL?
CentOS 8: Installation & Basic Configuration Guide
Keepalived: Configuring High Availability with IP Failover on CentOS/RHEL

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins

Back To Top

Hyper-V Boot Error: The Image’s Hash and Certificate Are not Allowed

How to Block a Domain or Website on Windows Defender Firewall with PowerShell?

Set-ADComputer: How to Change AD Computer Properties and Add Logged User Info?

Related Reading

1 comment

Leave a Comment Cancel Reply