Solved No longer able to boot from MR boot entry


M

Mark Phelps

Well-known member
Member
VIP
Local time
6:33 AM
Posts
505
OS
Windows 11
Running MR v10.0.8843 and have the boot menu installed. When I tried to boot from it today, it gave me an error screen about the file winload.efi claiming that the digital signature of that file can't be verified, error 0xc0000428.

I removed the boot entry using MR and rebiult it -- but it still fails.

I thought I saw a thread some time back about special steps you have to take now to build the boot menu, but I can't find that thread.

I also rebuilt the USB boot stick but it has the same issues.

NOTE: I have another version of Win11 on this same PC, and it is using MR v10.0.8750 -- and it boots into the MR boot option just fine! So, maybe the solution is to reinstall MR 8750 on this version.
 
Windows Build/Version
25H2 26200.8457 64-bit
Last edited:

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Ryzen 5600X
    Motherboard
    ASRock Steel Legend
    Memory
    16GB
    Graphics Card(s)
    EVGA GT 710
    Sound Card
    None
    Monitor(s) Displays
    23",24", 19" - flat panels
    Screen Resolution
    1920x1200
    Hard Drives
    None - only M.2 SATA and NVMe drives
    PSU
    750W
    Case
    Antec
    Cooling
    stock Wraith cooler
    Keyboard
    Corsair gaming
    Mouse
    Logitech M720
    Internet Speed
    1Gb
Enforcement of a SkuSiPolicy file (deployed on the EFI partition) can lead to winload.efi signature errors. The SkuSiPolicy dictates which versions of the winload.efi are allowed for booting purposes. Some versions are explicitly banned for security reasons.

You have three options:

1. Find a different source for the WinRE or WinPE WIM, which has a compliant version of winload.efi. The winload.efi file version can change between different versions of the source WIM. A later version of the WIM might work. This is a Macrium issue.

2. Disable SkuSiPolicy enforcement.
- Disable Secure Boot mode, and restart Windows.​
- Run the commands:​
Code: 
mountvol S: /s
del S:\EFI\Microsoft\Boot\SkuSiPolicy.p7b
mountvol S: /d
- Shutdown Windows. Re-enable Secure Boot and reboot.​

3. Temporarily disable Secure Boot, when booting from this device if you can't find a newer WIM or don't want to disable SkuSiPolicy protections.
 

My Computer

System One

  • OS
    Windows 7
@Mark Phelps


All I can tell ya is what we had to do to "rebuild" the MR USB bootable media, after the certification voodoo by MS...

How to get a new "base WIM" (these were the directions direct from MR forums)

1. Open Control Panel and click on Macrium Reflect
2. Click Uninstall (but don't uninstall). Instead...
3. Click on "Remove Windows PE component files" and make sure to UNcheck "Uninstall Macrium Reflect.
4. Then click OK...

Image1.webp


Then when rebuilding the Media... click on...

5. Advanced and choose...
6. "Choose Base WIM"
7. Then choose the topmost entry...

Now when you rebuild your media, or I assume your boot entry, MR will download a new Win PE ADK...

Image2.webp



This was for MR 8.1 (paid).
If that doesn't fix things, then try this instead or as well...

www.elevenforum.com

Enable or Disable Microsoft Vulnerable Driver Blocklist in Windows 11

This tutorial will show you how to turn on or off the Microsoft Vulnerable Driver Blocklist for all users in Windows 10 and Windows 11. Starting with Windows 10 (KB5018482) and Windows 11 (KB5018483 and KB5018496), the Microsoft Vulnerable Driver Blocklist is enabled by default. The vulnerable...
www.elevenforum.com www.elevenforum.com





I just searched ther knowledge base...

Macrium Reflect X

Macrium Reflect X
kbx.macrium.com


Specifically... (and this looks pretty much the same as I described above)


Managing the Boot Media Signing Certificate for Macrium Reflect Rescue Media

rescue media, certificates, Macrium update, boot issues
kbx.macrium.com
 
Last edited:

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26200.8655 ♦♦♦♦♦♦♦25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5302)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Total Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Keyboard
    Logitech Classic Keybooard 200
    Mouse
    Logitech Optical M-BT96a
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
Ghot said:
@Mark Phelps


All I can tell ya is what we had to do to "rebuild" the MR USB bootable media, after the certification voodoo by MS...

How to get a new "base WIM" (these were the directions direct from MR forums)

1. Open Control Panel and click on Macrium Reflect
2. Click Uninstall (but don't uninstall). Instead...
3. Click on "Remove Windows PE component files" and make sure to UNcheck "Uninstall Macrium Reflect.
4. Then click OK...

View attachment 172430


Then when rebuilding the Media... click on...

5. Advanced and choose...
6. "Choose Base WIM"
7. Then choose the topmost entry...

Now when you rebuild your media, or I assume your boot entry, MR will download a new Win PE ADK...

View attachment 172431



This was for MR 8.1 (paid).
If that doesn't fix things, then try this instead or as well...

www.elevenforum.com

Enable or Disable Microsoft Vulnerable Driver Blocklist in Windows 11

This tutorial will show you how to turn on or off the Microsoft Vulnerable Driver Blocklist for all users in Windows 10 and Windows 11. Starting with Windows 10 (KB5018482) and Windows 11 (KB5018483 and KB5018496), the Microsoft Vulnerable Driver Blocklist is enabled by default. The vulnerable...
www.elevenforum.com www.elevenforum.com





I just searched ther knowledge base...

Macrium Reflect X

Macrium Reflect X
kbx.macrium.com


Specifically... (and this looks pretty much the same as I described above)


Managing the Boot Media Signing Certificate for Macrium Reflect Rescue Media

rescue media, certificates, Macrium update, boot issues
kbx.macrium.com
Click to expand...
Thanks for the MR thread. I had the wrong default WIM selected.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Ryzen 5600X
    Motherboard
    ASRock Steel Legend
    Memory
    16GB
    Graphics Card(s)
    EVGA GT 710
    Sound Card
    None
    Monitor(s) Displays
    23",24", 19" - flat panels
    Screen Resolution
    1920x1200
    Hard Drives
    None - only M.2 SATA and NVMe drives
    PSU
    750W
    Case
    Antec
    Cooling
    stock Wraith cooler
    Keyboard
    Corsair gaming
    Mouse
    Logitech M720
    Internet Speed
    1Gb
  • Like
Reactions: OAT
Mark Phelps said:
Thanks for the MR thread. I had the wrong default WIM selected.
Click to expand...


We've all been there. ^^

Macrium should automatically download a new Win 11 PE ADK anytime we rebuild.
Maybe they'll have that in Reflect XI :D


Currently, MR saves the last Win 11 PE ADK we used, in the MR folder and just reuses it if we rebuild.
Most of the time this is fine. But then... Along came MS and messed around with Secure Boot.

Fortunately, MS also updated their Win 11 PE ADK. Unfortunately, MR doesn't auto-download it.


Microsoft vs Eleven Forum.webp
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26200.8655 ♦♦♦♦♦♦♦25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5302)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Total Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Keyboard
    Logitech Classic Keybooard 200
    Mouse
    Logitech Optical M-BT96a
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
You must log in or register to reply here.

Similar threads

three Windows 11 installed . Can only boot from one in Dual-Multi boot startup menu.
Replies
9
Views
2K
gundobaldo66
G
Making Win 11 golden image using WinPE and DISM - but boot entries are not correct when FFU is pushed
Replies
1
Views
3K
FreeBooter
FreeBooter
Solved Error Booting from MR Rescue Media
Replies
3
Views
2K
Scott
Scott
Solved Can't boot from Macrium reflect rescue media usb
Replies
14
Views
14K
The-Hive
The-Hive
Is it safe to delete this boot entry ?
Replies
4
Views
5K
zbook
Z

Latest Support Threads

Latest Tutorials

Back
Top Bottom