Hi, I am using Windows 10, version 21H2 (OS Build 19044.1415). I have installed VMware Workstation 16 Pro, and I have installed ESXi 7 inside my VMware Workstation. I am trying to install Security Onion on this ESXi 7 so I can monitor my home network. My shell command esxcfg-info | grep "HV Support" says 0.

BEFORE I test with the following:

When I uncheck the Hyper-V option in “Turn Windows features on or off” and power on my ESXi with the “Virtualize Intel VT-x/EPT or AMD-V/RVI” box checked, I get “Virtualized Intel VT-x/EPT is not supported on this platform”.

When I uncheck the Hyper-V option in “Turn Windows features on or off” and power on my ESXi with the “Virtualize Intel VT-x/EPT or AMD-V/RVI” box UNchecked, I get “Virtualized Intel VT-x/EPT is disabled for this ESX virtual machine. You will only be able to run 32-bit nested virtual machines”.

Then, when I get into my ESXi and try to power on my Security Onion VM, I get: Failed to power on virtual machine “iq SO 2.3.62-MSEARCH OVF”. This host does not support Intel VT-x.
Thanks for any help or advice.
Nested virtualisation (running VMs inside a VM, or having WSL2 inside a Windows VM) in VMware Workstation requires that the VM on Workstation have the "Virtualize Intel VT-x/EPT or AMD-V/RVI" box checked/enabled. This is the equivalent of having Intel VT-x/AMD-SVM enabled in a physical machine's BIOS/UEFI.
If the Windows 10/11 host has Hyper-V enabled, nested virtualisation will not work with Workstation Pro. That is the meaning of the "Virtualized Intel VT-x/EPT is not supported on this platform" message.
Make sure you have Hyper-V removed from the host so that nested virtualisation will work.
Follow the steps in this KB
https://kb.vmware.com/s/article/2146361
Also make sure that Memory Integrity is OFF
Windows Security -> Device Security -> Core Isolation details
If your Windows host is a member of an AD domain, items such as Memory Integrity/VBS can also be enforced via domain policy. If that is the case you need to contact your domain admin.
When Hyper-V is detected, you will see these lines in the vmware.log:
<timestamp> In(05) vmx IOPL_Init: Hyper-V detected by CPUID
<timestamp> In(05) vmx Monitor Mode: ULM
Once Hyper-V is no longer detected, vmware.log Monitor Mode should show as CPL0, and nested virtualisation should work (with the Virtualize Intel VT-x in the VM processor settings enabled).
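A read-only way to gather everything this post says to check in one place, as an added example that is not from the thread or from VMware's KB: it reports the Hyper-V optional feature state, the hypervisorlaunchtype boot setting, the VBS/Memory Integrity status Windows itself reports, and the "Hyper-V detected by CPUID" / "Monitor Mode" lines from the VM's vmware.log. The log path is an assumed placeholder; run it from an elevated PowerShell prompt on the Workstation host.

```powershell
# Added diagnostic, not from the thread or from VMware. Read-only: changes nothing.
# $VmxLogPath is an assumed example path; point it at the vmware.log of the ESXi VM.
param(
    [string]$VmxLogPath = "C:\VMs\ESXi7\vmware.log"   # assumed path, adjust
)

# 1. Is the Hyper-V optional feature still installed/enabled on the host?
$hv = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
"Hyper-V feature state       : $($hv.State)"

# 2. Is the Hyper-V hypervisor set to launch at boot? (the bcdedit step in the KB)
$hvLaunch = (bcdedit /enum '{current}' | Select-String 'hypervisorlaunchtype') -replace '\s+', ' '
"hypervisorlaunchtype        : $(if ($hvLaunch) { $hvLaunch.Trim() } else { 'not set (defaults to Auto)' })"

# 3. VBS / Memory Integrity (HVCI) as Windows reports it.
#    VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
#    SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (Memory Integrity)
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
"VBS status                  : $($dg.VirtualizationBasedSecurityStatus)"
"Security services running   : $($dg.SecurityServicesRunning -join ',')"
"Memory Integrity (HVCI) on  : $($dg.SecurityServicesRunning -contains 2)"

# 4. What did the VMware monitor conclude the last time the VM powered on?
#    ULM = Hyper-V still seen, CPL0 = host hypervisor gone, nested VT-x can work.
if (Test-Path $VmxLogPath) {
    $cpuid = Select-String -Path $VmxLogPath -Pattern 'Hyper-V detected by CPUID' -SimpleMatch
    $mode  = Select-String -Path $VmxLogPath -Pattern 'Monitor Mode:' -SimpleMatch | Select-Object -Last 1
    "Hyper-V detected by CPUID   : $([bool]$cpuid)"
    "Monitor Mode (last boot)    : $(if ($mode) { ($mode.Line -split 'Monitor Mode:\s*')[-1].Trim() } else { 'not found' })"
} else {
    "vmware.log not found at $VmxLogPath"
}
```

If the feature shows Disabled and hypervisorlaunchtype is Off but VBS status is still 2 and HVCI is still listed, Memory Integrity (or a domain policy) is what is keeping the Monitor Mode at ULM.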
Bluefire, thanks for your detailed information; it helps a lot. I will be trying the link you sent as well as the other information you mentioned. I will keep you posted.
Hi Bluefire. Sorry it took so long. Here is how I set things up according to what I saw in your suggestion. I think I missed something?? Thanks for taking the time to look at my screenshots as well.
I have my Windows 10 BIOS Intel Virtualization Technology checked (should this be enabled??)
ESXi virtulization 0.png
I have the "Virtualize Intel VT-x/EPT or AMD-V/RVI" box checked/enabled for my ESXi 7.
ESXi virtulization 1.png
I have Hyper-V for Windows 10 unchecked.
ESXi virtulization 2.png
If the Windows 10/11 host has Hyper-V enabled, nested virtualisation will not work with Workstation Pro. That is the meaning of the "Virtualized Intel VT-x/EPT is not supported on this platform".
Make sure you have Hyper-V removed from the host so that nested virtualisation will work ???.
https://kb.vmware.com/s/article/2146361
Is this what you are referring to?
Process to turn off virtualization-based Security:
The steps below can be followed to turn off virtualization-based Security for Windows 10 Home & Pro:
For Microsoft Windows 10 Pro & above:
Also make sure that Memory Integrity is OFF
Windows Security -> Device Security -> Core Isolation details
“Memory Integrity is a feature inside a broader set of protections called Core Isolation. It uses hardware virtualisation to protect sensitive processes from infection. These features are a subset of virtualisation-based security features that Microsoft has offered to enterprise users since Windows 10 shipped.” (Mar 9, 2020)
This is the current state of my Memory Integrity:
ESXi virtulization 3.png
If your Windows host is a member of an AD domain, items such as Memory Integrity/VBS can also be enforced via domain policy. If that is the case you need to contact your domain admin.
When Hyper-V is detected, you will see these lines in the vmware.log:
<timestamp> In(05) vmx IOPL_Init: Hyper-V detected by CPUID
<timestamp> In(05) vmx Monitor Mode: ULM
Once Hyper-V is no longer detected, vmware.log Monitor Mode should show as CPL0, and nested virtualisation should work (with the Virtualize Intel VT-x in the VM processor settings enabled).
With the above settings, I get this when I power on my ESXi.
ESXi virtulization 5.png
When Hyper-V is detected, you will see these lines in the vmware.log:
<timestamp> In(05) vmx IOPL_Init: Hyper-V detected by CPUID
<timestamp> In(05) vmx Monitor Mode: ULM
In my ESXi log, I see:
2022-01-18T16:34:11.659Z In(05) vmx IOPL_Init: Hyper-V detected by CPUID
2022-01-18T16:34:11.777Z In(05) vmx Monitor Mode: ULM
Once Hyper-V is no longer detected, vmware.log Monitor Mode should show as CPL0, and nested virtualisation should work (with the Virtualize Intel VT-x in the VM processor settings enabled) ???
Thanks for your suggestions and advice.
Virtualization Technology should be enabled in the BIOS of the host machine.
From the ESXi VM vmware.log, it looks like VMware Workstation is still detecting Hyper-V enabled on the host machine.
Follow the information and instructions of the KB. Many people seem to miss the steps involving bcdedit followed by a restart.
The gpedit step in the KB is on the assumption that the host machine is not a member of an AD domain. If it is a member of an AD domain, you need to talk to your domain admin, as VBS/Memory Integrity can be enforced via AD domain policy.
Hi Bluefire, thanks for the further information. I am looking at https://kb.vmware.com/s/article/2146361 more closely and am researching and will apply the instructions. Playing with the registry scares me :-). Will keep you posted.
bluefirestorm (Champion), thanks so much. The link https://kb.vmware.com/s/article/2146361 worked great!! I don't get those virtualization-related error messages in ESXi, and I uploaded a Security Onion VM and it powered on without the virtualization messages as well.
Thanks again. My next issue is to mirror in / outgoing packets to my security onion. I saw several examples, but I will make another forum post for that to see the latest best way to do this.
You were VERY helpful.
I am having the same issue. I have VMware Workstation 17 with my ESXi VM, which powers up, but the VM inside my ESXi is getting the error below. I have this setup on my other laptop and it works fine with all of these steps. The only difference is that I can't enable "Virtualize Intel VT-x/EPT or AMD-V/RVI" and "Virtualize IOMMU" or the ESXi won't boot up. I need those checked to run the DDVE VM in ESXi (below). Not sure what the difference is?
haTask-1-vim.VirtualMachine.powerOn-56
Power On this virtual machine
ddve
Failed - This host does not support Intel VT-x.
@JBDell20 You probably still have some vestige of Hyper-V enabled in your host because of this message:
Please check the vmware.log file for your VM and confirm that the Monitor mode is CPL0, not ULM. If it's ULM, that means you've still got Hyper-V components in use and you need to take all the steps that are posted by @iqworks until you find that the monitor mode is CPL0.