I have a number of servers I need to get converted to UEFI from MBR disk. I have the process for this working well in a lab environment but when I try to do it on production servers after the computer has been converted to UEFI, the BIOS reconfigured, Windows refuses to boot due to driver signature errors on the hard drive driver.
I have performed DISM /cleanup-image /Restorehealth and SFC /scannow to ensure all drivers and other components are current and health before doing the conversion using the command MBR2GPT /convert /AllowFullOS.
After the conversion to UEFI I have booted to WinPE, manually added drivers using PNPUTIL so I can see the OS drive. Then I run BCDBOOT C:\Windows /s H: /f UEFI to rebuild the boot records. Upon booting I get the driver signature warning. Even doing the option to not validate signatures does not work. I have to disable Secure Boot in BIOS to get the system to boot.
My main question is how can I correct the driver signature issue either by updating the known/trusted drivers or completely wiping the driver database and get a fresh start. I am basically looking for anything that will get me past these driver signature issues and still have Secure Boot enabled.