Reply to Message

View discussion in a popup

Replying to:
PeterVM100
Contributor
Contributor
‎05-13-2023 08:10 AM

KB5023696 has morphed into KB 5025221

My problems started in Fall-2022. Updating Windows 10 in a Vmware guest would fail 100% of all attempts, and has been ever since. I ran some tests to try to narrow down the cause of the problem and am posting here for others.

Configurations Tested:
Host                               Guest
Win 10(x64)                 Win 10(x64)
Win 10(x64)                 Win 10(x86)
Win 10(x86)                 Win 10(x64)
Win 10(x86)                 Win 10(x86)
Linux Ubuntu (20.04) Win 10(x86)
Linux Ubuntu (20.04) Win 10(x64)

Results:
Every time Windows 10 (any version) is installed as Host, it will update fine
Every time Windows 10 (any version) is installed as a guest, the update will fail

When the VMware guest is created with a Nvme hard drive, the updates fail
When the VMware guest is created with a scsi or sata hard drive, the updates succeed


Investigation
After each Windows update failure, the errors I was getting in Windows event viewer all had to do with DCOM and insufficient rights - see preceeding post. I did some research and followed the procedure(s) for assigning rights to eliminate the errors. Alas, it did not solve the problem with Win 10 update.

I found this link where Microsoft rep is talking about DCOM “hardening” which I am guessing has to do with the mentioned KB's.
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-...

June 8, 2021 Phase 1 Release - Hardening changes disabled by default but with the ability to enable them using a registry key.
June 14, 2022 Phase 2 Release - Hardening changes enabled by default but with the ability to disable them using a registry key.
March 14, 2023 Phase 3 Release - Hardening changes enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment.


Here are some links discussing how to deal with error 10016 which is the error I was experiencing with the DCOM events.

Kapil Arya, Microsoft MVP
https://www.kapilarya.com/fix-event-10016-error-the-application-specific-permission-settings-do-not-... 

https://www.youtube.com/watch?v=rAJRGRpvuH8&t=15s 

WinTips.org - author unknown
https://www.wintips.org/fix-application-specific-permission-settings-do-not-grant-local-activation-p... 

What ended up working for me was the suggestion to convert the Nvme drive to scsi (or sata).

When I look at this situation, it seems to me that there is a disconnect between what Microsoft engineers are working on and Vmware being aware of the changes coming down the pipe so they can in turn prepare their product(s) for the upcoming changes.

I’ve really wanted to get a licensed copy of Vmware Workstation Pro (16) because I would like to run more than 1 VM at a time but when I see this problem (KB 5023696/ 5025221 lingering for almost a year it seems Vmware is uninterested in patching their software. If I had a licensed copy now, I would be furious.

So, what I would like to know is:
1) is there a performance hit for switching froma Nvme to a scsi/sata hard drive?
2) has anyone tried switching back to Nvme after installing 50230696/5025221?

Reply
0 Kudos