• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Join the HP Community Solve‑a‑thon | Help Others & Share Your Solutions | Live on Zoom | 2:30 PM to 2:30 AM IST | Every Wednesday Click here to know more
Check out our WINDOWS 11 Support Center info about: OPTIMIZATION, KNOWN ISSUES, FAQs, VIDEOS AND MORE.

‎04-30-2026 10:48 AM

HP Recommended
Product: Z2 Mini G5
Operating System: Microsoft Windows 11

Hi. I was wondering if anyone has experienced something similar or knows how I can work around an issue I'm having with deploying Windows 11 via PXE bare metal build using SCCM CB OSD Task Sequence. 

The models in question are specifically  - Z2 Mini G5 and Z2 Tower G1i. Other HP models have so far worked OK.

 

The situation with these models goes like this:

The boot image loads over PXE (The boot image has the HP WinPE driver pack injected) and the task sequence is selected. The disk is partitioned successfully, the OS (Windows 11 24H2 LTSC) is applied, the correct driver pack for the model (both driver packs are the latest downloaded from the HP site) is selected and installed, and then the task sequence continues into full OS mode to install some apps. After the OS setup is complete, the task sequence reboots, at which point we see a permanent loading circle at the HP logo "Protected by Sure Start" which never progresses or times out and cannot be recovered to the OS. 
The only way I have found which allows these devices to complete a build successfully, is to disable Secure Boot as well as disable the option to Configure the Storage Controller for VMD in the BIOS settings.

With that in mind, I have tried to automate this by creating a HP BCU package which configures these settings in the BIOS at the beginning of the task sequence before partitioning the disk, but this fails only when I try to modify Secure Boot. This means Secure Boot needs to be manually modified in the BIOS before any OS deployment takes place on these devices. 

The BIOS versions have been checked and are at the latest available versions respectively. 

The Windows 11 deployment works perfectly on a VM, HP Z2 Tower G9, Z6 G4, Z2 SFF G4 and some others, so I know it works, but I am unable to get it to work without manually configuring the BIOS.

 

Does anyone have any tips or has experienced anything like this before, preferably without having to make changes to the BIOS config?

If disabling Secure Boot is the only option to make this work, does anyone know how I could automate the BIOS configuration to disable this without being manually prompted for a PIN to acknowledge and accept disabling Secure Boot? (Which I believe is why I couldn't get this to work using HP BCU as it needed a PIN to accept the change)

 

Thanks for reading.

Reply
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.