A VM which was previously running fine fails to reboot with the error message "This virtual Machine's Secure Boot configuration is not valid. The virtual machine will now power off."

The vmware.log file for the VM (/vmfs/volumes/datastore/VM_folder/vmware.log) contains the following error:

[msg.uefi.secureboot.configInvalid] This virtual machine's Secure Boot configuration is not valid.

ESXi 8.0

ESXi 7.0

This happens when the nvram file is corrupt or has too many boot entries.

If the VM is powered off, the nvram file can be safely removed using the command: mv VM_NAME.nvram VM_NAME.nvram.old

A new nvram file will then be created when the VM is powered on.

If the VM is powered on, you can check the boot entries using the following commands:

• Windows: bcdedit /enum firmware
• Linux: efibootmgr -v

Once the source of the duplicate/multiple boot entries has been identified, unwanted boot entries can be removed following vendor advice or documentation.