VMware Communities
jziobro
Enthusiast

Windows 11 vTPM

Can someone please explain why we have to encrypt our disks to enable the vTPM module? It seems a bit like putting the horse before the cart if you ask me. On real H/W, I can enable the TPM module without encrypting my disk, and this is all that is needed for Windows 11. Forcing us to encrypt our disks to enable vTPM is asking us to reduce disk performance significantly, as if that wasn't an issue already with VMs, so we can run Windows 11. This is not necessary and I hope VMware fixes this issue.

27 Replies
Mikero
Community Manager

It was a security-conscious decision back when we created the vTPM. The only use case at the time was security-oriented (not feature-blocking, Windows 11 didn't exist, etc...).

This is something we're aware of and will most likely address. It is a tad redundant...

-
Michael Roy - Product Marketing Engineer: VCF
jziobro
Enthusiast

Any idea when this fix will be available? Windows 11 has been released and it certainly wasn't a surprise for several months that TPM would be required.

ajgringo619
Hot Shot

According to this blog post from Oracle - https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox - the SecureBoot/TPM checks can be bypassed, which should allow a normal installation. I didn't stumble onto this until after I built my VM, but it seems relatively simple.

mopcodes
Enthusiast

It appears all these install methods published before the official release are not all blocked or broken. This is an unfortunate circumstance for Microsoft to leave people in and I think it was a poor decision on their part. Oh well...

CarltonR
Hot Shot

It's available . . . thanks to wila for spotting this Twitter Link . . . it worked a treat, and Win 11 installed with no issues . . . VMware v16.2.0.

When checking the VM's hardware settings the TPM has been added to the list, and has been recognised within Win 11 Computer Management (Secure devices).

There is however one VMware consideration which I was unaware of (but perhaps should have been): to get the VMware app to read the vmx file correctly you have to close the associated VM tab from within the VMware app. So, in brief:

  1. create a new VM and link it to the Win 11 iso file
  2. if open, close the newly created VM tab in the VMware Workstation app
  3. edit vmx and add the managedvm.autoAddVTPM = "software" line to it
  4. then power on the new VM and run through the Win 11 install.


And many thanks to all those involved in creating this.

jziobro
Enthusiast

This does not fix the issue. It is a hack and it does not work for existing VMs running Windows 10. The upgrade path is still broken for those of us running Insider builds.

CarltonR
Hot Shot

"It is a hack" . . . I don't disagree, I'm sure that a more elegant solution could be implemented, but as outlined in Roy's Tweet it is a "new experimental and currently undocumented feature". It is clearly [I hope] an interim solution, but just a stopgap.

With regards to working with existing VMs running Win 11 (I assume this is what you meant to say, although it may well also apply to Win 10), you could remove encryption. I have done so on a number of VMs without any issues. It would appear that you then have two options: you could leave as is, as Win 11 boots without a TPM module (probably not recommended), or add the required line to the .vmx file.

As follows:

  • Power off the virtual machine
  • Select the encrypted virtual machine and enter the password
  • On the virtual machine select Settings.
  • Select the Hardware tab and Remove the TPM from the list
  • Select the Option tab, and select Access Controls, press the Remove Encryption button, re-enter the password when asked (decryption may take some time depending on the size of the VM)
  • Once complete close the VMware Workstation tab associated with this VM
  • edit the vmx and add the managedvm.autoAddVTPM = "software" line
  • then power on the VM and test.


It goes without saying that you should take a clone of the original VM and test on this first.

jziobro
Enthusiast

Your suggested solution does not work for me.

I am a contract S/W engineer. For each customer I have a separate VM to keep work for one customer from affecting my work for another customer. I have to keep these VMs updated since my work is always done on the latest Insider builds to ensure my solutions work on the latest releases. I use VMware WS instead of Hyper-V because of the performance. It is also for performance reasons that I will not encrypt my virtual disks. Time is money for me, and I don't get paid such a high hourly rate to spend time doing system maintenance. That time comes out of my pocket, so encrypting and decrypting a dozen or so VMs is not a solution to my problem.

I have some VMs running Windows 11 that will not update to the latest release because of the TPM issue and other VMs still running Windows 10 that won't update to Windows 11 insider builds as well because of the TPM issue.

At some point I will have to make a decision, in order to keep the builds I am running from expiring, to move to a platform that supports vTPM without requiring me to encrypt my drives.

In the end, VMware has known this would be an issue long before the public was informed of the Windows 11 requirements. For them not to have this issue fixed when Windows 11 was released is a problem.

RDPetruska
Leadership


@jziobro wrote:

I am a contract S/W engineer. For each customer I have a separate VM to keep work for one customer from affecting my work for another customer. I have to keep these VMs updated since my work is always done on the latest Insider builds to ensure my solutions work on the latest releases. I use VMware WS instead of Hyper-V because of the performance. It is also for performance reasons that I will not encrypt my virtual disks. Time is money for me, and I don't get paid such a high hourly rate to spend time doing system maintenance. That time comes out of my pocket, so encrypting and decrypting a dozen or so VMs is not a solution to my problem.

If you are such a highly paid software engineer, then you should know it is a fool's errand to do ANY production work on pre-release systems (which is what the Windows Insider Builds are)! You ALWAYS run the risk of having to redo work because something changed between beta builds and a final build of an O/S.

Also, part of your time you are paid for SHOULD include system maintenance, if it is a requirement that you have so many discrete systems.  If you have not laid out your requirements to the customer ahead of time and included that in your budget, that is YOUR mistake.  Learn from it going forward.

At some point I will have to make a decision, in order to keep the builds I am running from expiring, to move to a platform that supports vTPM without requiring me to encrypt my drives.

In the end, VMware has known this would be an issue long before the public was informed of the Windows 11 requirements. For them not to have this issue fixed when Windows 11 was released is a problem.

And it WAS known and stated by the product manager that VMware was aware of this issue, and working on it.  They cannot control when Microsoft decided their product was ready, and released it.  They need to have their own development/test/release cycle for their products (Workstation, Player, Fusion - all which use the same core functionality and must work on numerous platforms and systems).  

You have been presented with a workaround with this newest release of the product, with the promise that a fully functioning framework will be coming.  If you are not happy using a workaround, you are free to wait until the complete solution is in place and released.

mesander
Contributor

Safe trick to solve this:

Enter the line managedvm.autoAddVTPM = "software" in the .vmx file of the unencrypted existing VM.

Then make a full clone of this machine.

In the clone operation, VMware Workstation 16.2 automatically adds the TPM 2.0 module to the new full clone without a request to encrypt the machine.

kasper
Enthusiast

I would make sure all 3 of these items are in vmx:

uefi.secureBoot.enabled = "TRUE"
uefi.allowAuthBypass = "TRUE"
managedvm.autoAddVTPM = "software"


Only do this after you remove TPM from the main config and unencrypt all disks.

jziobro
Enthusiast

And it WAS known and stated by the product manager that VMware was aware of this issue, and working on it.  They cannot control when Microsoft decided their product was ready, and released it.  They need to have their own development/test/release cycle for their products (Workstation, Player, Fusion - all which use the same core functionality and must work on numerous platforms and systems).  

You have been presented with a workaround with this newest release of the product, with the promise that a fully functioning framework will be coming.  If you are not happy using a workaround, you are free to wait until the complete solution is in place and released.


As a S/W engineer who has been writing H/W drivers for many companies for the last 20+ years, I am more than familiar with the product release cycle. I am also aware that there isn't a company out there the size of VMware that is not partnered with MS to make sure they release their new products and/or updates together. I knew over six months ago when Windows 11 would be released. The idea that MS just pulled a date out of their a$$ for the release of Windows 11, making that date a surprise to VMware, is beyond laughable.

wila
Immortal

Hi,


@jziobro wrote:

Your suggested solution does not work for me.

snip

At some point I will have to make a decision, in order to keep the builds I am running from expiring, to move to a platform that supports vTPM without requiring me to encrypt my drives.

You don't need to encrypt the drives. That's the whole point of this new feature.

You might however need to upgrade the VM's virtual hardware from version 18 to version 19.
Then open the VM again in VMware Workstation 16.2 and it should have the vTPM added, without the need to encrypt anything.
What it does is add a few lines to the .vmx file that contain the encryption key (that bit is encrypted).

As always for this type of thing... and as suggested by others in this thread, do make a full backup of your VM before you do this.

--
Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
CarltonR
Hot Shot

Following on from this, assuming that a TPM is not required for your software development, then you don't actually have to encrypt the VM or use the 'new feature' to be able to install/upgrade or run Win 11.

Installing or upgrading to Win 11 only requires a small Registry change, either when performing a clean installation or prior to an upgrade, to overcome Microsoft's compatibility checker. It is pretty straightforward, and normally adds no more than 20 seconds to the initial setup stage.

kasper
Enthusiast

You can install / upgrade a Windows 11 guest by adding the TPM hardware and encrypting the disk. Once installed you can remove the TPM and then decrypt the disk. The Windows 11 guest still runs. It is unclear what effect this will have when MS does updates. It may be an alternative to using the vmx option 'managedvm.autoAddVTPM = "software"' in 16.2, as you can stay with 16.1.2. BTW, what is the purpose of the 'scoreboard' files for each guest in 16.2 and can that be disabled?

jziobro
Enthusiast

@wila - Tried adding the hack to the .vmx file and updating the machines. It did not work.

kasper
Enthusiast

I went back to 16.1.2 as a number of changes were made to 16.2 that need to mature.

On 16.1.2 I have created a number of 11 machines with vTPM and encrypted disk. Once I have set them up and running to my liking I remove vTPM and encryption. Have had no issues. What message do you get?

jziobro
Enthusiast

@kasper As I mentioned in an earlier post, this would require me to encrypt/decrypt several VMs. I use VMs for my work and taking the time to do this would come out of my pocket, not my customers'. Encrypting and decrypting every one of my VMs is not an acceptable solution. I am not installing Windows 11, I am upgrading machines to Windows 11, so all those clever little registry hacks for installing Windows 11 simply don't work for me either.

CarltonR
Hot Shot

jziobro . . . I'm not sure what you mean when you say "it did not work". What didn't work: was it the result of the .vmx file change or "updating the machine", whatever that means!

If you are referring to the former, it is important to note a few things: firstly, it requires VMware v16.2.0; secondly, it will only work on an unencrypted VM; and lastly, you have to close the tab within the VMware app for it to be actioned, so:

  • create a new, or use an existing, unencrypted VM
  • if open, close the VM tab from within the VMware Workstation app
  • edit the vmx and add the managedvm.autoAddVTPM = "software" line to it
  • then power on the VM.

I have a question, if I may: do you actually need to have TPM? You don't need it to be able to install Win 11 or upgrade to it from Win 10, as it only requires a couple of registry changes to be able to do so.

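The .vmx edit that several posters describe, written up as a small script with the preconditions the thread keeps repeating (VM unencrypted, old TPM device removed, VM tab closed, backup first). This is an added example, not code from the thread or from VMware; the key names it checks (encryption.keySafe, vtpm.present) and the .vmx.lck lock directory are assumptions about Workstation's on-disk format, and it adds only the managedvm.autoAddVTPM key that multiple posters confirmed.

```shell
#!/bin/sh
# Added example (not from the thread or VMware): adds the Workstation 16.2
# key managedvm.autoAddVTPM = "software" to a .vmx, after checking the
# preconditions the thread lists: VM unencrypted, old TPM device removed,
# VM tab closed. The key names used for the checks (encryption.keySafe,
# vtpm.present) and the .vmx.lck lock directory are assumptions about
# Workstation's on-disk format.
add_software_vtpm() {
  vmx="$1"
  [ -f "$vmx" ] || { echo "no such .vmx: $vmx" >&2; return 1; }
  # Encrypted VMs keep their key-safe blob in the .vmx (assumed key name).
  if grep -q '^encryption\.keySafe' "$vmx"; then
    echo "refusing: $vmx still looks encrypted; remove encryption first" >&2
    return 2
  fi
  # The hardware TPM device must be removed before the software one is added.
  if grep -qi '^vtpm\.present *= *"TRUE"' "$vmx"; then
    echo "refusing: remove the existing TPM device from the VM first" >&2
    return 3
  fi
  # A lock directory means the VM is still open (or running) in Workstation.
  if [ -e "$vmx.lck" ]; then
    echo "refusing: $vmx is locked; close its tab in Workstation first" >&2
    return 4
  fi
  # wila's note: the feature may need virtual hardware version 19.
  hw=$(sed -n 's/^virtualHW\.version *= *"\([0-9]*\)".*/\1/p' "$vmx")
  if [ -n "$hw" ] && [ "$hw" -lt 19 ]; then
    echo "warning: virtualHW.version is $hw; 19 may be required" >&2
  fi
  cp "$vmx" "$vmx.bak" || return 5        # keep a copy, as the thread advises
  tmp="$vmx.tmp.$$"
  grep -v '^managedvm\.autoAddVTPM' "$vmx" > "$tmp" || true   # drop any old value
  printf 'managedvm.autoAddVTPM = "software"\n' >> "$tmp"
  mv "$tmp" "$vmx"
}

# Demo on a constructed .vmx (not a real VM): unencrypted, no TPM, HW 19.
demo_dir=$(mktemp -d)
printf '.encoding = "UTF-8"\nvirtualHW.version = "19"\ndisplayName = "Win11-demo"\n' \
  > "$demo_dir/Win11-demo.vmx"
add_software_vtpm "$demo_dir/Win11-demo.vmx" && cat "$demo_dir/Win11-demo.vmx"
rm -rf "$demo_dir"
```

Running it twice leaves a single managedvm.autoAddVTPM line, and the .bak copy is what you restore from if Workstation 16.2 does not pick the key up.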