iFrog's Posts

@rudydevolder wrote: I don't know in Fusion but I had exactly the same error in WmWare workstation. So I presumed the solution would be the same.  This is my screenshot in VmWare workstation on my Windows machine.   You can't use workstation in this situation as a Fusion solution because they are different products, and have different UIs.  Functionally as far as running a VM, they are pretty much the same, but I've never used Workstation.  However, keep in mind, a few here (myself included) never had a printer / serial port listed in the VM Settings (GUI) and that's why we had to either   decrypt the VM to edit the vmx file, or just edit the vmx file because that's the only place the settings were referenced. Here are a couple screenshots of Fusion 13.5.0 to show there are NO printer options in settings for a VM https://flic.kr/p/2pdkdZ5 Add Device settings window https://flic.kr/p/2pdkdYZ I tried to add directly to the post, and it didn't work so you need to use the links to see photos.

Guys, that was the first thing I looked for when encountering the error after the upgrade.  There was no printer, or any reference to printing in the GUI part of the settings.  It seems to be VMX only.  If there had been a simpler fix, I would have provided it, and people could have avoided the rest of this. The other piece of hardware that didn't show up in the GUI was the serial port.  That too was only accessible through editing the .vmx file.  

@ColoradoMarmot wrote: @iFrog wrote: I wanted to find out,  if right clicking on a VM in the Virtual Machine Library, and then holding option bypasses the encrypted  VMX file.  Since VMware Fusion stores the password so the VM can start.   Just a note - it's actually stored in the mac keychain, not in Fusion. I know, and I should have said that.  It's in keychain so Fusion can access it without asking.

I wanted to find out,  if right clicking on a VM in the Virtual Machine Library, and then holding option bypasses the encrypted  VMX file.  Since VMware Fusion stores the password so the VM can start.   When I initially did the fix, I did it through Finder,  not through VMWare directly.  I re-read the VMWare docs on how to enable 3D acceleration  for big sur and above guests, and found that You can edit the file right through VMware.

@ColoradoMarmot wrote: On a physical machine, bitlocker is critical - especially if it's a laptop.  Otherwise all your data is at risk when it's stolen.  Bonus is that when the drive fails, you don't have to resort to the same level of physical destruction as  you would with an unencrypted drive (that's why all my externals are encrypted - I got tired of drilling holes in the cases, bending plates, etc)..  Same is true with FileVault on Macs - turn it on. But I agree, in a VM, its superfluous - you're much better off just encrypting the underlying disk that the VM resides on (both for data loss, as well as for performance. I think it really depends on what data you store on the computer that makes FileVault, or BitLocker worth it.  For example most of my personal banking info is stored in my account behind my login / password / two factor authentication, and the Bank's other safe guards. Also, if I have any personal data on the computer, that "may be" at risk, I typically just encrypt that data. Many of the resources I follow, such as Security now, or a man named Carey Holzman, and various other professionals suggest technologies  such as bit locker only for high risk  individuals where the data is top secret, or personal such as medical, government, etc. They don't typically suggest it for an average consumer that doesn't have a lot of sensitive data on that scale because of how easy it is to lose data, if something goes wrong.   I agree people should be wise and keep good safe backups of data, and be responsible with their data.  It should just be a balance though and be tailored to the environment as to what protective measures are in place.  It's not a one size fits all. Anyway, Linux, FreeBSD, or any Unix OS is still probably a better alternative for security over Windows.  Mainly because Windows probably still has the  highest target rate, and we could put stealing computers into that category as well.   Anyway, glad I was able to provide feedback, and help for others here, with the initial problem being discussed here.

@Technogeezer wrote: @iFrog  Agreed with you 100%. The warning message about the TPM is scary. But the only time you have to be wary of deleting the TPM for a VM is if you have enabled BitLocker in the VM. Removing the TPM is the same as if you lost it on a physical machine or had to swap motherboards. Losing the contents of the TPM with BitLocker enabled requires you to go through BitLocker recovery. procedures. In that case you'd better have the BitLocker recovery key or else your VM will be a meaningless pile of random bits.  I understand, and personally, I don't think the average person should be using Bitlocker, it's too easy to lose data.  If they need a secure backup, it should be outside the VM, or physical computer.

@Technogeezer wrote: You only need to remove the TPM and decrypt the VM to edit the VM file to remove ThinPrint if you have the VM encrypted with the "All Files" option (i.e. fully encrypted). For unencrypted and partial encrypted VMs, you can edit the .vmx file to remove those lines once the VM is shut down - no need to mess around with encryption settings. That was the point of my tutorial was for people who had a fully encrypted VM (including VMX file) was to decrypt the VM by removing the TPM so they could edit the file, and then after re-adding the TPM set the VM to only encrypt the TPM requirements so the VMX file would remain decrypted. I created my Windows 11 VM in VMWare 12, so it was full encryption only then.  VMs created in 13, or newer will  have the options for full, or TMP requirements only.   I was trying to help people save their existing VMs without having to create a brand new one, and risk losing their windows activation in the process.    

@gen843620 wrote: Thanks.   I considered turning off TPM and Encryption in order to edit the vmx but was frightened by the TPM warning, "Removing...will destroy all encrypted data on this virtual machine. It is unrecoverable."   I assume "all encrypted data" means the entire VM -- Windows and everything in it -- because I have Fusion Encryption set to "All the files...."   If I had Encryption set to "Only the files needed to support a TPM..." then I'd venture turning off TPM etc.   What were your settings and the destructive effects, if any, when you disabled TPM and encryption?    I have data backups outside of the VM, so it's doable but it'd be a big hassle to reinstall Win11 and programs I use. I never got a warning.  As per my post, the only destructive circumstances in Winn 11 were having to reset my windows PIN for login. beyond that, nothing else was affected.  Keep in mind per my instructions, don't power the machine back on UNTIL the changes are made and TPM is back on and the VM has the new encryption settings (TPM only ) vs full encryption.   I understand if you want to wait, i did the tutorial in case VMWare DOESN'T"T provide a fix, then my instructions will fix the issue. If you want peace of mind before doing the fix, backup your VM, if it breaks in your circumstances, simply restore your backed up VM.

@gen843620 wrote: Yep, me, too. In all three VMs I use: Debian (not encrypted), Ubuntu (not encrypted) and Windows 11 (encrypted, TPM, all). The error appears when each starts, just like everyone here posted. I deleted the Debian and Ubuntu VMs then created new VMs for them (overkill method). No errors now. Then for giggles I looked at their vmx file content and there's no line including "serial" or "thinprint," which many of you recommened removing. I'll wait for VMWare to update Fusion 13.5 again to fix the problem before I deal with my Windows 11 VM (all encrypted, TPM).   PS I hope Broadcom's purchase of VMWare and imminent layoffs won't delay or hurt the quality of a fix for this. A friend who works at VMWare said layoffs are expected by Oct 28th. Check my post above yours for how to fix you Windows VM.  Mine (both windows 10, and 11) are working without errors with the above method, and I actually gained speed, by removing full encryption from both, and changing Win 11 to TPM encrypted only.

Hey all, I have a working solution for those who are in a situation like mine who had the entire VM encrypted. To resolve editing the VMX file on an encrypted VM do the following: 1. Shut down the VM (if running) 2.  From the Virtual Machine Menu select settings. 3. IMPORTANT select the TPM chip in your devices and click  remove 4. under encryption, select this VM is not encrypted to remove ALL encryption. 5. Once that is done and you see the green and white checkmark confirming success quit, and relauch VMWare. 6. Go back to settings for the Virtual machine, and choose encryption.  This time select only encrypt for TPM support and leave the vmx file unencrypted. 7.  edit the vmx file once done in settings to remove the serial0 lines, they are not needed so remove all lines referencing serial0. 8. Save changes and close the vmx file. 9. Power on the Virtual machine and let windows load..  Because of the changes made in security, your login pin will be gone.  You will need to go through the process of resetting the pin. 10. Reset your pin according to the onscreen instructions. 11.  Login to windows, once you have set up your pin.   Notes, I did check and activation does NOT seem to be affected, my copy of windows 11 Pro 22H2, in this VM was still active when checking status.   Hope this helps and have a great weekend!

@BillPa wrote: I can and others will be able too also, I made that caveat clear in my posts. VMWare provided a method a couple releases back to encrypt while still allow editing the configuration file, unfortunately older encrypted VMs don’t have that recourse. I got hit by this scenario earlier, not fun, fortunately not this time. Some of my VMs go back to version 11 / 12.  I think the windows 11 VM was created under 13.x.  I'll have to be more aware going forward when using the encryption option, not to encrypt the vmx file as well. I CAN remove the TMP module from the Windows 11 VM, and decrypt, but doing so, breaks my windows 11 install as it changes the settings in the VM as well, so it removed my PIN, and it may have deactivated windows (i didn't check the deactivation part to be sure.) Either way, I restored from a backup and will just leave the Windows 11 VM encryption alone until VMware can find a better solution to fix this.  As mentioned above, it seems like it's mainly a cosmetic warning, so it doesn't seem to affect performance.  Seems like removing the encryption to fix this, is more destructive than the initial issue itself.

@mappoint wrote: I have 3 W10 VMs (1 without error) and 2 W7 VMs (1 without error). OK, will keep an eye on my W10 VM, it's doing windows updates right now then will upgrade vmware tools, and the VM itself, and watch for hte warning.  Stuff like Linux, i can always just create a clean VM with, if I had to and just attach the existing virtual disk to. Windows isn't so easy as the activation key is tied to the VM it's installed into.

@mappoint wrote: I am getting this same error message but not on all VMs. I have 2 VMs without this error (with the serial0 lines in the VMX file). Strange. Which VMs didn't give you the error? what's the guestOS?  I didn't get the error on my windows 98 SE VM, got it on my Linux and Windows 11 VMs, looks like I didn't get it on my windows 10VM but will double check on that one.

@Idontwanttobeab wrote: That only works if the virtual machine disk is created with the newer encryption setting. The problem is for people who have older virtual machines where everything is encrypted. I also think the default is to encrypt the whole thing, which happened to me.  If I had known about the options I would have made sure to not encrypt the whole thing and would have only chosen the option to encrypt only what TPM requires.

@Idontwanttobeab wrote: You can't open the encrypted settings file. You have to decrypt the entire disk file to a copy, and only then can you edit it. If you want an encrypted disk file you have to generate a new vm based on the decrypted disk file and then decrypt that one again with the setting that doesn't encrypt the settings file. OK, got it, was just clarifying as Bill made it sound like he was able  to open the file.  Anyway, as long as this doesn't break anything from working within the VM it would be easier to wait on a fix from VMware, because my digital code for windows is tied to the VM, so creating a new VM would just generate a bunch of unnecessary steps.  Windows 10 could have been used decrypted but I think there was something I wanted to test that required TPM.  Windows 11, can't be used decrypted.  Not a huge deal since I don't depend on these VMs for daily tasks just a poor oversight on VMware's part I think to leave these line in place if support was dropped.

@BillPa wrote: I got rid of the error message by editing the config file with the following. For those who can without de encrypting. serial0.present = "FALSE" [then I removed the other two serial0. lines referencing "thinprint" as well] Hi Bill, please disregard my first reply, the formatting got screwed up, and now it won't let me edit the post. What I meant to say was, I was able to edit the lines out of the unencrypted VMs such as the Linux ones.  The windows ones I was able to open the file, but it didn't show me the file contents just some encryption keys.  I used BBedit, how did you open your encrypted vmx file?

@Idontwanttobeab wrote: There are two ways of encrypting the vm. You can encrypt everything, and then there is possibly a newer option to not encrypt the config file and a few others. (see the encryption settings). If the entire thing is encrypted, you have to go the long mile... That was my problem, the whole thing is encrypted because I just went with the defaults when doing Window 10 / 11.  Didn't realize it would also encrypt the .vmx file, but then again, don't usually need to edit those.  I will just dismiss the notice for now because of the encryption.  Maybe VMWare will provide a better fix soon.  It doesn't seem to break anything just an unnecessary notice on vm start.

Yes it's working here just fine.  It was fixed for me within a couple hours.  I didn't know anyone had responded as I didn't receive any kind of notifications for replies to the thread.  Either way all is well, so thanks again.