Have you encountered multiple errors on your Windows PC like:
- “Secure Boot is disabled”
- “Unable to update Secure Boot variables”
- “The DCOM server could not start”
- Endless crashing or boot looping?
These seemingly separate problems are often closely connected, and they can make your system unstable or even unbootable. In this guide, we’ll walk you through the causes and solutions in detail — especially for beginners who need step-by-step support.
What Is the Secure Boot Variable Update Error?
Secure Boot is a UEFI-based feature designed to protect your system from rootkits and unauthorized code during startup.
However, under certain conditions — such as after an update or when installing unsigned drivers — you may see the error:
“Unable to update Secure Boot variables”
This typically means one of the following:
- Secure Boot is not functioning correctly.
- There is a mismatch or corruption in the boot configuration.
- The system is installed in an incompatible format.
Why Secure Boot May Not Be Enabled
Here are some common causes:
- Windows is installed in MBR (Legacy BIOS) format instead of GPT.
- Secure Boot is disabled in BIOS/UEFI settings.
- The Secure Boot keys are missing, corrupted, or invalid.
- The system has non-compliant drivers or unsigned components.
How to Check Secure Boot Status
- Press Windows + R, type msinfo32, and press Enter.
- In the System Information window, select “System Summary.”
- Look for the line that says “Secure Boot State.”
| Display | Meaning |
|---|---|
| On | Secure Boot is properly enabled |
| Off | Secure Boot is disabled in UEFI settings |
| Unsupported | The OS is likely installed in MBR format; Secure Boot is not supported |
Reviewing this section will help determine whether you need to reconfigure boot settings or even convert your disk to GPT format.
Step-by-Step: Fix Secure Boot Errors
Here are the key steps:
- Enter BIOS/UEFI and set Secure Boot to Enabled.
- Use the “Install Default Keys” option to reload factory keys.
- If your OS was installed in MBR format, consider converting to GPT format.
⚠️ MBR-to-GPT conversion is highly recommended to enhance system security and enable full UEFI support.
How to Convert MBR to GPT (Without Data Loss)
You can convert MBR to GPT using the built-in tool mbr2gpt.
Important Notes:
- Always back up your data first.
- Disable BitLocker if it’s enabled.
- After conversion, change BIOS boot mode to UEFI only.
More info: Microsoft official guide on MBR2GPT
What to Do If Your PC Is Stuck in a Boot Loop
Secure Boot-related issues may corrupt the boot manager or BCD, leading to system instability and endless restarts.
Step 1: Try Safe Mode
If Windows still boots:
- Open the Start menu, type cmd, right-click Command Prompt and select Run as Administrator.
- Then enter the following one by one:
bootrec /fixboot
bootrec /scanos
bootrec /rebuildbcd
Step 2: If Windows Won’t Boot
Use a recovery USB or Windows installation media.
- Boot from the USB.
- Select: Repair your computer → Troubleshoot → Advanced options → Command Prompt
- Enter the same bootrec commands listed above.
Here’s a safer alternative that often works:
This command helps restore the system boot files from the current Windows installation.
Create a Restore Point Before Making Changes
💡 Before applying changes, create a system restore point:
- Search for “Create a restore point” in the Start menu.
- Click the “Create” button in the System Properties window.
- Enter a name like “Before Secure Boot Fix” and confirm.
This allows you to safely undo changes if anything goes wrong.
DCOM Server Error: Cause and Fix
DCOM (Distributed Component Object Model) manages background communication between Windows services and apps.
Sometimes, permission issues may cause the system to log the following message in Event Viewer:
“The application-specific permission settings do not grant Local Activation permission for the COM Server application.”
Fix DCOM Errors via dcomcnfg
- Press Windows + R, type dcomcnfg, and press Enter.
- Navigate to Component Services → Computers → My Computer → DCOM Config.
- Locate the app causing errors (e.g., ShellServiceHost).
- Right-click → Properties → Security tab.
- In “Launch and Activation Permissions,” select Customize, click Edit, and grant “Local Activation” to SYSTEM or Administrator.
Important Note
DCOM settings affect critical system components. Always create a restore point before modifying. Misconfiguration can cause instability.
Summary Table: Common Symptoms and Fixes
| Symptom | Cause | Recommended Fix |
|---|---|---|
| Secure Boot variable update failed | Installed in MBR mode | Convert to GPT, enable Secure Boot |
| Startup loop or crash | Corrupt boot configuration | Use bootrec or clean install |
| DCOM server won’t start | Incorrect permissions | Adjust access rights via dcomcnfg |
Final Thoughts
Secure Boot issues and DCOM errors may appear unrelated, but they often indicate deeper conflicts in boot configurations and system permissions.
When in doubt:
- Start from Safe Mode or recovery mode
- Follow step-by-step procedures
- Avoid making random BIOS or registry changes without a plan
- Create restore points before any serious modifications
When dealing with deeply rooted system errors like these, patience and careful steps are your best allies. Don’t rush — take one fix at a time, and always back up before making major changes. By understanding what’s happening under the hood, you’ll not only fix the issue but gain more confidence in managing your Windows PC.
Recommended Articles
▶︎Automatically Delete Windows Update Files to Free Up Space (July 2025 Edition)
💡 Looking for more tips? Check out our full list of Windows Help Guides.
