VMware Communities
chchia
Contributor
Contributor
‎01-26-2018 07:27 AM

Powering on a vm in VMware Workstation on Windows 10 host where Credential Guard/Device Guard is enabled fails with BSOD (2146361)

I followed this guide

VMware Knowledge Base

but seems like this is not the permanent solution? i need to repeat the command line in #4 every time i restarted the host!

is there any permanent solution for this?

my windows is Windows 10 17074. vmplayer 14.

0 Kudos
3 Replies
RaviKaushika
Contributor
Contributor
‎06-11-2018 09:22 AM

dear chchia,

good morning.  I too have the same problem; our staff also followed a you tube video and the steps suggested - the problem persists after a reboot of the host.

bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set hypervisorlaunchtype off


Note: after restart accept the disabling by clicking on F3. (twice)

https://www.youtube.com/watch?v=CGpv2Dvzyeg

thanks and regards

ravi.

0 Kudos
lmcwilli
Contributor
Contributor
‎06-13-2018 01:43 PM

I am running VMware Workstation v14.1.2 build-8497320 on Windows 10 Enterprise on a Lenovo P50.

Today after a Windows 10 update, and installing Docker for Windows, none of my VMware Workstation VMs would open: CentOS, Ubuntu, Windows7.

I received the following message:

pastedImage_0.png

The link provided in the above error message states: “VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard”.

The link went on to describe how Device/Credential Guard may be disabled by running gpedit.msc.

When I attempted to run this command, as administrator, I get the following error:    

pastedImage_1.png

This likely because corporate security restricts what I can change on my laptop.

Another solution that I found was that Device/Credential Guard may be disabled by running the Device Guard and Credential Guard hardware readiness tool. I tried running this from the Powershell, as admin, and got the message that running scripts is not permitted. This is also likely a restriction imposed by corporate security.

What worked for me

After traveling down the above two “rabbit holes”, it occurred to me that perhaps neither Device/Credential Guard nor Windows update were the culprits but rather the Docker for Windows install I just did. Specifically, Docker for Windows had enabled Hyper-V.

pastedImage_4.png

As soon as I turned off this feature and rebooted, my VMs worked again!

I posted this solution on our corporate Windows 10 support site and was told the following by our support person:

"VMware is UNSUPPORTED on Win10.   Hyper-V is the only supported VM. I suspect you will have additional pain when we the security team gets around to fully enabling Device-Guard."

This made the prospects for VMware Workstation on Windows 10 appear to be grim.

Will I have to switch to a Linux desktop to continue using VMware Workstation?

0 Kudos
sshetty
VMware Employee
VMware Employee
‎06-23-2020 12:49 PM

VMware has worked on this concern for quite some time now

and the following details should help

Supported Host Operating Systems

  • Windows 10 20H1 build 19041.264 or newer

Processor Requirements for Host Systems

  • Intel Sandy Bridge
  • AMD Bulldozer or newer CPU

Use: VMware Workstation 15.5.6 or Newer.

VMware Knowledge Base

For Host machines using Windows 10 1909 or older

Refer: Disable Windows Defender Credential Guard

In Microsoft article: Manage Windows Defender Credential Guard (Windows 10) - Microsoft 365 Security | Microsoft Docs

We would like to specific details if we still run into issues after meeting all system requirements.

0 Kudos