Fix: Secure Boot isn’t configured correctly in Windows 8.1/10

The Secure Boot feature in Windows 10 or Windows 8.1/8, assures a user that his PC boots using only firmware that is trusted by the manufacturer and no one else. So, if there are any incorrect configurations, end users might be presented with Secure Boot isn’t Configured Correctly watermark in the bottom right corner of your desktop.

SecureBoot

Why does this feature assume importance? Well, when the Secure Boot is activated on a PC, the PC checks each piece of software, including the option ROMs, UEFI drivers, UEFI apps, and the operating system, against databases of known-good signatures maintained in the firmware. If each piece of software is valid, the firmware runs the software and the operating system. Unauthorized software such as rootkit viruses are prevented from running.

So if you see the Secure Boot isn’t configured watermark correctly on the desktop, it probably indicates that the Windows Secure Boot feature has either been disabled or hasn’t been set up on your PC. The problem wasn’t known much until early Windows 8 adopters started switching to the latest Windows 8.1 update available for free from the Windows Store.

Read: What is Secure Boot, Trusted Boot, Measured Boot.

Secure Boot isn’t configured correctly

A handful of users started getting Secure Boot Isn’t Configured Correctly message after upgrading to the new Windows 8.1. Even though no workaround has been made available right now, Microsoft offers a few instructions to get the problem fixed.

First, you need to check to see if Secure Boot has been disabled in the BIOS and in case it is, re-enable it. Then, you should try resetting the BIOS back to factory settings, and in case this doesn’t work, you could try resetting your PC back to factory state and then re-enable Secure Boot.

Read: How to Secure the Windows 10 Boot Process.

Disable or Enable Secure Boot

While I do not recommend that you disable Secure Boot, if the option is present on your system, should you wish to, you can disable Secure Boot, by tweaking your BIOS. Using Advanced Options in Windows 8, click on UEFI Firmware Settings and restart your PC. Now in your BIOS settings screen, in your motherboards UEFI settings, you will see the option to enable or disable Secure Boot, somewhere under the Security section.

View and Check the Event Viewer

To find out the possible reasons, you could check out the Windows Logs. The Windows Event Viewer shows a log of application and system messages – errors, information messages, and warnings.

  • Go to View Event Logs > Applications and Services Logs

Secure Boot isn't configured correctly

  • Next, choose Microsoft from the Right-pane and then Windows.
  • Now, under Microsoft select the Windows folder and search for Verify HardwareSecurity > Admin.

Admin

Then, look for either of these logged events:

  1. Secure Boot is currently disabled. Please enable Secure Boot through the system firmware. (The PC is in UEFI mode, and Secure Boot is disabled.) or
  2. A non-production Secure Boot Policy was detected. Remove Debug/PreRelease policy through the system firmware. (The PC has a non-production policy.)

You can also use PowerShell commands to check the status.

To see if Secure Boot is disabled, use the PowerShell command: Confirm-SecureBootUEFI. You’ll get one of these responses:

  1. True: Secure Boot is enabled, and the watermark won’t appear.
  2. False: Secure Boot is disabled, and a watermark will appear.
  3. Cmdlet not supported on this platform: The PC may not support Secure Boot, or the PC may be configured in legacy BIOS mode. The watermark won’t appear.

To see if you have a non-production policy installed, use the PowerShell command: Get-SecureBootPolicy. You’ll get one of these responses:

  1. {77FA9ABD-0359-4D32-BD60-28F4E78F784B}: The correct Secure Boot policy is in place.
  2. Anything other GUID: A non-production Secure Boot policy is in place.
  3. Secure Boot policy is not enabled on this machine: The PC may not support Secure Boot, or the PC may be configured in legacy BIOS mode. The watermark won’t appear.

Source: TechNet.

NOTE: Microsoft has now released an Update, which removes the “Windows SecureBoot isn’t configured correctly” watermark in Windows 8.1 and Windows Server 2012 R2. Go get it at KB2902864.

Posted by on , in Category Windows with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

21 Comments

  1. gbjohnson

    Thank you Anand – simple Bios change fixed the problem for me.
    Now I just have to find a way to fix the frequent blue screen “driver_IRQL_not_less_or_equal(netio.sys)” and Win 8.1 will be working properly.
    Bit surprised such problems were not fixed with the beta version?

    Graham (Australia)

  2. Paul Taupo NZ

    @gbjohnson:disqus . If Mcafee is installed uninstall it then use its removal tool. From here http://service.mcafee.com/FAQDocument.aspx?id=TS101331. Download is 1/2 way down

    Mcafee is a known cause of that stop error esp with that file

  3. gbjohnson

    Thank you Paul – yes I read that – I’m using Norton 360.
    Must be some driver not happy with 8.1.
    Haven’t found which yet – to do with netio.sys
    DriverMax pointed out a few to update but no sign of netio.
    Graham.

  4. gbjohnson

    I’ve always got the latest version. Thanks.
    I think I need to find out how to update the ‘netio.sys’ that is mentioned in the driver error message. If it is part of Win it will eventually come right I expect. We just like to have things work properly don’t we?

  5. Paul Taupo NZ

    I would get something like bluescreenview. http://www.nirsoft.net/utils/blue_screen_view.html. Install / run it. What does it say is the cause?

    The prob files will be highlighted. Quite possible your wireless/ethernet drivers are crashing netio.sys.

    Even tho netio.sys is crashing, it doesn’t mean it’s the cause of the crash.

    Something is making it crash. Whats the specs of your system?? Look in device manager under network adapters. What’s the name/brand of the network adapters here?

    Or dbl click on the network adapters / then go to the details tab. Change it to hardware id’s. Copy and paste a line in here or in Google. It’ll tell you what the device is (like realtek/atheros etc)

    Drivermax wont find a netio.sys update its a windows file.

    Not a device driver (ie: for a wireless / network adapter).

    You may have to find out what your wireless / ethernet drivers are (like realtek/atheros etc), (depending on which one you’re using when it crashes). Then update the drivers.

  6. gbjohnson

    That was interesting – will have to wait till it crashes again as no minidump files exist – presumably I’ve been cleaning things too well. (I’ve looked in the file – it’s empty).
    Looks like that bluesreenview program ought to solve the mystery tho. Thank you.
    My ASUS R701VZ was working fine till 8.1 update.
    Adaptors: Intel(R) Centrino(R) Wireless-N2230 (driver updated 22/8/13) and Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS6.30) (driver 1/4/13)

    Rolling the 1st back may fix it too? Or update the 2nd.

  7. Paul Taupo NZ

    Yup if u use ccleaner it can delete the dmp / memory dump files. You can untick the option under ccleaner / windows. I’ve read on a few sites some Intel wireless drivers are known to crash. Did you update from 8 or do a clean install of 8.1??

    Try these for the wireless

    https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=23327&lang=eng&OSVersion=Windows%208*&DownloadType=Software%20Applications

    Looks like theyre dated 21/10/13. They may include the BT drivers are well?

    Altho it says for OEM check the manufacturer’s site (the link below)

    Did you install the wireless drivers from the ASUS site? http://support.asus.com/download.aspx?SLanguage=en&p=3&s=392&m=R701VZ&os=&hashedid=n%2fa or are you using the drivers Win 8.1 installed?

    The ASUS drivers seem to be later than 22/8/13 (theyre from 12/10/13)

    Looks like the drivers from the ASUS site may include the wireless and the LAN drivers?? Cant see any LAN drivers on the ASUS site

    For the ethernet / LAN try dbl clicking on the entry in device manager, update it through windowsupdate. See if it picks a later driver up

    If you updated the wireless drivers before, did it crash before if youre asking to roll them back?

  8. gbjohnson

    I’ve unticked the cleaners (Toolwiz Care also – I’ve tried lots of things lately). Those new ASUS drivers have just appeared for 8.1 – I had been looking there. Thanks again. Went to 8.1 as an update – didn’t lose anything. No previous crashes – just thinking of 8.1 incompatibility – silly really.

    I just opened lots of tabs in 6 browsers as simultaneously as possible TRYING TO CRASH so I can run bluescreenview! It didn’t. Think I’ll wait for a crash before updating drivers. Had plenty of crashes yesterday…..
    Thank you very much for your help Paul – I’m sure we’re close.

  9. gbjohnson

    Funny thing happened yesterday Anand when I went down those tracks – ended up with a starting loop (from running ‘verify.exe’) – was a bit worrying for awhile! Went into F9, advanced options, startup settings, ‘safe mode’, disabling Norton then turned off ‘auto restart’ – got control again – thank goodness. Good experience though!

  10. Paul Taupo NZ

    Anytime Graham 🙂 There (maybe) entries in event viewer when it crashed. But it may only show netio.sys as the cause.

    If you want, next time it crashes, I could use teamviewer http://www.teamviewer.com to check it out. Its like remote desktop, but the person at the other end can see what the helper is doing. And you can also xfer / files and chat

    Then we’ll see what bluescreenview brings up (and hopefully) it’ll show the other files that are making netio.sys crash. And then we can go from there. Anyway let me know, and I’ll post my email addy here. Unless you’ve got something like Skype, I’ll add you. To make it easier to communicate

  11. Paul Taupo NZ

    Looks like MS have now released a fix for this prob. As of 28/10/2013

    http://support.microsoft.com/kb/2902864

  12. gbjohnson

    Couple of graphics driver updates via Windows Update yesterday too – the 1.8 wrinckles will gradually be ironed out – early days yet. Plus the makers ones – eg ASUS.

  13. Paul Taupo NZ

    So I take it it hasnt crashed yet / again?

  14. gbjohnson

    Just thought I’d clean up some startup item before I replied Paul then bingo – it crashed!
    Bluescreen view worked this time:- (top line) =

    103113-56359-01.dmp 31/10/2013 11:41:20 AM DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 00000000`00000008 00000000`00000002 00000000`00000000 fffff800`01396909 NETIO.SYS NETIO.SYS+17909 Network I/O Subsystem Microsoft® Windows® Operating System Microsoft Corporation 6.3.9600.16384 (winblue_rtm.130821-1623) x64 ntoskrnl.exe+14dca0 C:WindowsMinidump103113-56359-01.dmp 8 15 9600 293,664 31/10/2013 11:43:36 AM

    Network I/O subsystem to blame apparently. That = the network adaptors? Their drives were just updated by WinUpdate yesterday.
    I’m off to the dientist soon – will have to play later.

  15. Paul Taupo NZ

    netio.sys is a network related file, but its not part of network adapters.

    Are there any other files highlighted in pink? It may show netio.sys as the cause up the top. Look at the bottom see what files are highlighted in pink (or in bold). What network adapter are you using to get online, ethernet or wireless? What startup entries did you delete?

    And WHEN does it usually crash?? With netio.sys if you use something like file sharing programs, it’ll crash too

    If you want zip that dmp file send it to speedytheneedyatgmail.com. I’ll put it thru BSV here. So I can see what else is installed. Replace at (obviously) with @

  16. Paul Taupo NZ

    Just replied to ur email Graham

  17. Guest

    Is Toolwiz care and B safe installed?? Because according to the site

    http://www.toolwiz.com/products/toolwiz-bsafe/ it says

    3) Do not install both ToolWiz Care and ToolWiz BSafe in the
    same PC.

  18. Paul Taupo NZ

    Is Toolwiz care and B safe installed?? Because according to the site

    http://www.toolwiz.com/product… it says

    3) Do not install both ToolWiz Care and ToolWiz BSafe in the
    same PC.

  19. gbjohnson

    Back from the dentist……………….
    I DO have a lot of things installed that I try out so have not been all that worried – have been gradually stopping them – however most don’t start themseves.

    I see things recommended on ‘Giveaway of the day’ & try them out for fun/interest.

    Norton 360 is my main security, I buy that – no other Norton item altho it recently updated to a new version so could have problems. I’d rather leave that on & get rid of the others 1st.

    ‘Toolwiz Care’ only -. ‘Wise Care 365’ is another one. ‘Baido PC Faster’ also – haven’t used it yet but it put itself on the startup – now gone. ‘Iobit Malware Fighter’ has been running.
    I’ll now delete these & see what happens. One of them, or the new Norton version is likely the cause.
    Hope you haven’t been tearing your hair out Paul………………

Leave a Reply

Your email address will not be published. Required fields are marked *


7 + 1 =