TECH198
Hot Shot
Hot Shot
‎10-04-2023 07:54 PM

Adding existing vmdk to encrypted (VM) not possible.

When installing Windows 11 in Fusion, i choose to just "ecnrypt vm files" instead of virtual disk..

 

I then got corrupted windows after complete shut down and could not repair, (see my other post).

 

I then thought, in order to post log to Microsoft community, and i was doing troubleshooting in WinPE, i thought i could just :

- add a known good working .vmdk from backup, and boot to that.

- add the corrupted .vmdk as 2nd, so i can access and copy log..

so i removed 1st hd, added known good backup vmdk, then re-added the corrupted one as a 2nd

 

However when i tried to "Apply" I got "can't add encrypted hard drive" so effectively, i was stuck..

Which is false.... The vm files were only encrypted, not the vmdk disk... so why can't i add it?  The known-good one is also not encypted. as i only ever prefer encrypting vm fils, not disk.. So i know that's not the issue.

0 Kudos
Technogeezer
Immortal
Immortal
‎10-04-2023 09:53 PM

I just tried this out.

Start with a working Windows 11 ARM VM - otherwise you might have to mess around with the EFI boot strings and that isn't going to be pretty.

Make a backup copy of the working Windows 11 VM by copying it elsewhere.

On this working VM:

  • Remove the TPM device (unless you're using BitLocker, you won't have a problem with removing and re-adding a TPM device).
  • Decrypt the VM.
  • Now go to the VM's settings and click "Add Device...". From there, select "Existing virtual disk".  Navigate to the old VM and select its virtual disk, and specify that you want to make a copy. Leave the original alone.
  • Re-encrypt the VM
  • Add the TPM device back into the configuration

On your next boot, Windows may ask you to reset your PIN if you've configured Windows Hello. That's an artifact of losing the TPM device, (I had to reset my PIN - thank heavens that Microsoft Authenticator on my iPhone tied to my Microsoft account made that super easy.)

Upon login, my other VM's hard drive is now seen as the E drive. 

It does seem a bit strange that the VM won't allow you to add a disk that doesn't have any component of it encrypted. Perhaps that's a remnant of the older fully encrypted disks worked. Paradoxically, Fusion allowed me to remove that second virtual disk without decrypting the VM. Go figure.

 

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
0 Kudos
ColoradoMarmot
Champion
Champion
‎10-05-2023 08:37 AM

I've also been able to edit the vmx directly, both to remove and add virtual disks.  Not for the fainthearted, but it works without all the hoops (which surprises me that the UX is more restrictive).

0 Kudos