Lenovo Servers Bricked After Windows Update
-
Symptom
Lenovo M5 or X6 systems running Microsoft Windows Server 2016, Server 2012R2 or Server 2012 can be rendered inoperable after applying one of the updates specified below for Microsoft Windows Server:
- Windows Server 2016 November 2016 Rollup: https://support.microsoft.com/en-us/kb/3200970
- Windows Server 2012R2 November 2016 Rollup: https://support.microsoft.com/en-us/kb/3197874 or https://support.microsoft.com/en-us/kb/3197873
- Windows Server 2012 November 2016 Rollup: https://support.microsoft.com/en-us/kb/3197877 or https://support.microsoft.com/en-us/kb/3197876
- Security Update MS16-140: https://support.microsoft.com/en-us/kb/3193479
Only Lenovo Systems running Windows Server 2012 or Windows Server 2012R2 and configured with secure boot are exposed. Lenovo Systems running Windows Server 2016 are exposed regardless of the secure boot configuration.
The system will not complete POST and hangs at the Lenovo splash screen.
-
The system may be any of the following Lenovo servers:
- Lenovo Flex System x240 M5 Compute Node, Type 2591, any model
- Lenovo Flex System x240 M5 Compute Node, Type 9532, any model
- Lenovo Flex System x280 X6 Compute Node, Type 4258, any model
- Lenovo Flex System x280 X6 Compute Node, Type 7196, any model
- Lenovo Flex System x480 X6 Compute Node, Type 4258, any model
- Lenovo Flex System x480 X6 Compute Node, Type 7196, any model
- Lenovo Flex System x880 X6 Compute Node, Type 4258, any model
- Lenovo Flex System x880 X6 Compute Node, Type 7196, any model
- Lenovo NeXtScale nx360 M5 AC, Type 5465, any model
- Lenovo NeXtScale nx360 M5 WC, Type 5467, any model
- Lenovo System x3250 M6, Type 3633, any model
- Lenovo System x3250 M6, Type 3943, any model
- Lenovo System x3500 M5, Type 5464, any model
- Lenovo System x3550 M5, Type 5463, any model
- Lenovo System x3550 M5, Type 8869, any model
- Lenovo System x3650 M5, Type 5462, any model
- Lenovo System x3650 M5, Type 8871, any model
- Lenovo System x3850 X6, Type 6241, any model
- Lenovo System x3950 X6, Type 6241, any model
This tip is not option specific.
-
Workaround
Disable automatic Windows updates.
To install the November 2016 Rollup or Security Update MS16-140 after updating the UEFI code, customers will need to download the code directly from Microsoft (links provided in Symptom section above) instead of using Microsoft Update.
Do not install the Microsoft Windows Server 2016, 2012R2 or 2012 November update before applying fixed UEFI firmware as specified in the “Solution” section
Replacing the system board will not fix the issue.
-
That's not good. That's a major flaw in the UEFI to allow such a simple thing to brick the hardware.
-
Is that something that totally hoses the system to the point that it can't even boot a rescue CD?
-
@dafyre said in Lenovo Servers Bricked After Windows Update:
Is that something that totally hoses the system to the point that it can't even boot a rescue CD?
Yes, even replacing the motherboard itself doesn't allow it to boot.
-
@scottalanmiller said in Lenovo Servers Bricked After Windows Update:
@dafyre said in Lenovo Servers Bricked After Windows Update:
Is that something that totally hoses the system to the point that it can't even boot a rescue CD?
Yes, even replacing the motherboard itself doesn't allow it to boot.
I wasn't talking about booting from the HD... I meant that it won't even let you boot from a recovery DVD or anything?
If not... then Yikes!
-
@scottalanmiller said in Lenovo Servers Bricked After Windows Update:
@dafyre said in Lenovo Servers Bricked After Windows Update:
Is that something that totally hoses the system to the point that it can't even boot a rescue CD?
Yes, even replacing the motherboard itself doesn't allow it to boot.
wtf - that's horrendous
-
@MattSpeller said in Lenovo Servers Bricked After Windows Update:
@scottalanmiller said in Lenovo Servers Bricked After Windows Update:
@dafyre said in Lenovo Servers Bricked After Windows Update:
Is that something that totally hoses the system to the point that it can't even boot a rescue CD?
Yes, even replacing the motherboard itself doesn't allow it to boot.
wtf - that's horrendous
Welcome to the world of UEFI and SecureBoot.
-
All in the name of preventing people from loading an OS on their computer that they actually WANT to use, lol... Even if they don't want the computers form this manufacturer, ha ha.
-
@dafyre said in Lenovo Servers Bricked After Windows Update:
All in the name of preventing people from loading an OS on their computer that they actually WANT to use, lol... Even if they don't want the computers form this manufacturer, ha ha.
Exactly. In the process of trying to screw customers, they screwed customers more than intended.
-
@dafyre said in Lenovo Servers Bricked After Windows Update:
All in the name of preventing people from loading an OS on their computer that they actually WANT to use, lol... Even if they don't want the computers form this manufacturer, ha ha.
I fully await the future where this applies to other things, i.e., your Ford engine explodes because you put in Shell gasoline and not Ford-approved BP fuel.
-
@ChrisL said in Lenovo Servers Bricked After Windows Update:
@dafyre said in Lenovo Servers Bricked After Windows Update:
All in the name of preventing people from loading an OS on their computer that they actually WANT to use, lol... Even if they don't want the computers form this manufacturer, ha ha.
I fully await the future where this applies to other things, i.e., your Ford engine explodes because you put in Shell gasoline and not Ford-approved BP fuel.
Easily doable now, if the vehicle designers so desired.
All fuel comes up the pipelines in a standard clean form from the refiners to the regional terminals.
When the driver pulls up to the terminal to fill the tanker he punches in a set of codes saying that he needs 3000 gallons BP 87 octane in compartment 1 and 2000 gallons of BP 93 octane in compartment 2.
The system begins pumping in standard 87 and 93 octane as specified and then drops in the specified additives during loading. Those additives are what makes it "BP" fuel.
Those additives could easily be tracked by a sensor in the fuel system.
-
@mlnews said in Lenovo Servers Bricked After Windows Update:
The system will not complete POST and hangs at the Lenovo splash screen.
Say what? How does applying an OS patch cause POST to fail/hang?
-
@Dashrender said in Lenovo Servers Bricked After Windows Update:
@mlnews said in Lenovo Servers Bricked After Windows Update:
The system will not complete POST and hangs at the Lenovo splash screen.
Say what? How does applying an OS patch cause POST to fail/hang?
-
@dafyre said in Lenovo Servers Bricked After Windows Update:
All in the name of preventing people from loading an OS on their computer that they actually WANT to use, lol... Even if they don't want the computers form this manufacturer, ha ha.
There's a LOT more to it than that.
And while I'll gladly leave room for that being a major reason Secure Boot has been pushed - at least the given explanations that it's to help the system boot into a known good/clean mode (malware free), makes sense.
-
@MattSpeller said in Lenovo Servers Bricked After Windows Update:
@Dashrender said in Lenovo Servers Bricked After Windows Update:
@mlnews said in Lenovo Servers Bricked After Windows Update:
The system will not complete POST and hangs at the Lenovo splash screen.
Say what? How does applying an OS patch cause POST to fail/hang?
That sums it up. UEFI + SecureBoot does some truly evil things.
-
@scottalanmiller said in Lenovo Servers Bricked After Windows Update:
@MattSpeller said in Lenovo Servers Bricked After Windows Update:
@Dashrender said in Lenovo Servers Bricked After Windows Update:
@mlnews said in Lenovo Servers Bricked After Windows Update:
The system will not complete POST and hangs at the Lenovo splash screen.
Say what? How does applying an OS patch cause POST to fail/hang?
That sums it up. UEFI + SecureBoot does some truly evil things.
"sums it up" in a nice and chewy light and fluffy 10k word saga
I regret being interested in it and I'm only half way through lol
-
@MattSpeller said in Lenovo Servers Bricked After Windows Update:
@Dashrender said in Lenovo Servers Bricked After Windows Update:
@mlnews said in Lenovo Servers Bricked After Windows Update:
The system will not complete POST and hangs at the Lenovo splash screen.
Say what? How does applying an OS patch cause POST to fail/hang?
Damn.. long but good read!
-
so this was a feature improvement on Microsoft's part?
