That is interesting Eduardo thanks.  I have been wondering what happens if I just copy that dbxupdate.bin from one of my successful machines.  I didn't want to risk not booting and admit I'm not exactly sure how the update worked.  That dbxupdate.bin updates the revocation list?  The revocation list resides in the UEFI/BIOS?Is KB4535680 the same as following these instructions effectively?

https://support.microsoft.com/en-us/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-e3b9e4cb-a330-b3ba-a602-15083965d9ca

Hi @JMcR

I'll update your encounter on R740s in this post case for effected users. We'll be keeping in touch with the internal escalation team. 

Watching this closely

Having the same issues on 4xPowerEdge R740's on Server 2019. Latest BIOS and SSU installed.

Microsoft say to consult OEM, OEM says go back to Microsoft. 

In place upgrade is not an option in our environment. Need a better solution.

Same issue on R740 with Windows Server 2019.  Please advise when patched.

Same problem here. T430, Win Server 2016

Sorry, but this is a bit too complicated for a DIY admin in a small company.

Hi,

It looks complicated to me at first too, but after reading the engineering message to me, it's simple.

Just open notepad, copy the full text that I provided and save it as yourowntext.ps1. Then run the saved file as administrator, it should prompt a pop up (depending on OS version, some OS will not prompt). Once it's done. Rerun the Windows update patch. That's it. 

Let me know if it works for you.

I have tried it as you described, most of these commands failed. Stating that E:\EFI\BOOT does not exist etc.   This was failing because my CD Rom drive was using the driver letter E:\ I'm not sure why your script would mount a drive to the same letter. I changed the CD Rom to G:\ and when I reran the command it worked.

Then, the installation of the update failed anyway. Solve via the method above.

Then finished with a The path 'C:\Dell\https:\dell.to' either does not exist or is not a valid file system path. - This step still didn't work, I'm unsure how necessary this step is as it appears only to be collecting logs, but otherwise, this PS script appears to have worked.

Thank you

@Dell-Martin S Not sure if you caught my edit, it worked after I changed a few things.

Hi,

we will discuss this internally and provide you feedback.

Worked for me on PE T640. Thanks!

Powershell script fixed it on my XPS 9550 too. Thanks!

This powershell script resolved the issue for me, although it did error out during the automated log collection phase due to a path issue.

Hi Joey

My servers are in an environment where they do not have direct communication to the internet, updates are applied through SCCM.

I ran a shortened and slightly modified version of the script: 

#Launch PowerShell as Administrator

#Select Available Drive Letter.

$Drive = Get-ChildItem Function:[H-Z]: -Name | Where-Object { -not (Test-Path -Path $_) } | Select-Object -First 1

#Mount EFI System Partition.

MOUNTVOL $Drive /s

#Backup bootx64.efi.

If ( ( Test-Path -Path C:\Dell\KB4535680 ) -eq $False ) { New-Item -Type Directory -Path C:\Dell -Name KB4535680 }

Copy-Item -Path $Drive\EFI\Boot\bootx64.efi -Destination C:\Dell\KB4535680\bootx64.efi

Rename-Item -Path $Drive\EFI\Boot\bootx64.efi -NewName $Drive\EFI\Boot\bootx64.efi.bak

#Replace bootx64.efi.

Copy-Item -Path $Drive\EFI\Microsoft\Boot\bootmgfw.efi -Destination $Drive\EFI\Boot\bootx64.efi

Even though E:\ was unassigned, I had to modify the first line of the script to start from the first available drive letter, H

After running this, the update installed through SCCM OK.

Hi,

Thanks all for the feedback that it's working for most of you. Though, there is some errors on the script on the last few lines, which my reply tool thinks that there is an URL and shortened it. Here's an amended one. Same as the steps from my previous reply to run the script. Notepad, copy, save as .ps1, run it and rerun Windows update.