I recently started experiencing an issue where previously nested ESXi hosts would run on my Dell 5550 laptop with the Virtualized Intel VT-x/EPT enabled in the BIOS. Any existing ESXi VM or new ESXi VM receive the following error when attempting to start the VM - Virtualized Intel VT-x/EPT is not supported on this platform. Continue without virtualized Intel VT-x/EPT?
Any ideas?
That means Windows Hypervisor API ULM is used for the VMM instead of Intel ring-0 VT-x.
Remove Hyper-V from the host and/or make sure Memory Integrity is off.
Remove Hyper-V follow this KB https://kb.vmware.com/s/article/2146361
For Memory Integrity go to Windows Security -> Device Security -> Core Isolation
@bluefirestorm Thank you for the quick reply. I have reviewed the kb article and have confirmed that Hyper-V is not installed and Memory Integrity is off. I even followed some steps using bcdedit and gpedit to change settings per the kb article without any luck. I am still getting the same errors when I attempt to launch any nested VM.
You can verify the vmware.log of any VM that Workstation still detects Hyper-V.
In(05) vmx IOPL_Init: Hyper-V detected by CPUID
In(05) vmx Monitor Mode: ULM
Did you also do the
“bcdedit /set hypervisorlaunchtype off” step in the KB?
If the laptop is a member of a Windows domain, Group Policy might be enforcing things like Memory Integrity even though it is not enabled on the local machine.
I looked in the vmware.log file of the VM I'm attempting to launch and I am indeed seeing the following items in the log file:
In(05) vmx IOPL_Init: Hyper-V detected by CPUID
In(05) vmx Monitor Mode: ULM
I did run the bcdedit /set hypervisorlaunchtype off per the kb.
Yes, the laptop is a corporate device and a member of a Windows domain. Is there a way to confirm if a domain GPO is enforcing settings?
I have opened an internal support case.
GPO might be enforcing Bitlocker or other VBS features (device guard, credential guard?), which deploy Hyper-V.
We do have Slack #fusion-workstation tho, fellow employee 🙂
gpresult /h test.html
Then open the resulting html file with Internet Explorer (ideally, though Chrome is OK too).
This will reveal everything Group Policy is doing.
Hi all, I have the same issue and I urgently need the nested cluster for a channel demo? Any update on this? Thanks!