VMware Communities
gue22
Contributor
Contributor
Jump to solution

Windows 1709 Device/Credential Guard compatibility when?

I´ve been using VMware Player as my preferred private virtualization solution for years and years.

With the Windows 10 bad surprise I so far simply switched off (and on) Hyper-V with

bcdedit /set hypervisorlaunchtype off

to make it work.

With Windows 1709 forced upon me I find two months after release VMware Workstation is not compatible with Device/Credential Guard and according to

VMware Knowledge Base

I´m supposed to fiddle with boot on the command line in a major way with no apparent way to undo things.

There doesn´t even seem to be an option to BUY sth compatible (at a reasonable price)!?

Now all of a sudden all the work I put into the Player VMs has become useless and I need to see how to proceed (with Hyper-V) quickly as I need sth.

Rrreally pi**d.

G.

Reply
0 Kudos
1 Solution

Accepted Solutions
gue22
Contributor
Contributor
Jump to solution

Here´s my experience how to solve the VMware Workstation / Player Device / Credential Guard compatibility problem / Hyper-V entangled, convoluted BS. Good to know when one can rely on oneself these days.

  1. The VMware Knowledge Base isn´t that bad, but it seems it spreads unnecessary Fear, Uncertainty and Doubt by stating that half a dozen cryptic BSDEDITs are necessary.
    AFAI can tell these steps on the command line are not necessary.
  2. As another pitfall KB#4 fails to state that it´s the EFI-partition you need to mount for the bsdedit commands, but one can´t blame the technical writer as this omission apparently stems from the MS docs.
  3. It should be sufficient to disable Virtualization Based Security as described in KB#1 in VMware Knowledge Base , but somehow the change and the boot dialog described in KB#6 didn´t turn up for me until I triggered / forced the change by going via the BIOS and exiting it with a Save. Then "Press F3 to disable Virtualization Based Security!" appeared.
  4. The whole Hyper-V un/install via Windows Features, also reiterated in the KB, is nonsense. You don´t un/install any other service each time you want to simply dis/enable it.
    Once the whole MiRKoSh*t Hyper-V - Credential Guard mess is disentangled you can switch Hyper-V off and on w/o un/installing it with
    bcdedit /set hypervisorlaunchtype off
    bcdedit /set hypervisorlaunchtype auto
    Please mind it´s "auto" to switch it on and not "on". Guess "on" would have been too intuitive and simple. <arrrggghh>
    And there are 15 (fifteen!) minute videos on Youtube to bring this point home! Who would have needed that then? <sigh>
  5. To install Ubuntu (16.04 LTS) on Hyper-V as Player alternative is not really easy or intuitive, especially the network portion.
    And that the clipboard doesn´t work at the end of 2017 A.D. is a real spoiler. That brought me back to try to get VMware Workstation to work again and invest another ton of hours.
  6. There seems to be Yet Another trap / dependency that bcdedit /set hypervisorlaunchtype off doesn´t work when an (e.g. Docker Linux) Hyper-V VM is running.
    After reboot Hyper-V was still on and the Docker VM was up. Stopping the Hyper-V VM before switch and reboot solved it.

With all that set straight I can now switch at MY will between Hyper-V VMs and Docker on one side and VMware on the other.

Hope this helps some poor souls who don´t get an answer here or are lost with all that misinformation and detours floating around.

Cheers

G.

View solution in original post

Reply
0 Kudos
1 Reply
gue22
Contributor
Contributor
Jump to solution

Here´s my experience how to solve the VMware Workstation / Player Device / Credential Guard compatibility problem / Hyper-V entangled, convoluted BS. Good to know when one can rely on oneself these days.

  1. The VMware Knowledge Base isn´t that bad, but it seems it spreads unnecessary Fear, Uncertainty and Doubt by stating that half a dozen cryptic BSDEDITs are necessary.
    AFAI can tell these steps on the command line are not necessary.
  2. As another pitfall KB#4 fails to state that it´s the EFI-partition you need to mount for the bsdedit commands, but one can´t blame the technical writer as this omission apparently stems from the MS docs.
  3. It should be sufficient to disable Virtualization Based Security as described in KB#1 in VMware Knowledge Base , but somehow the change and the boot dialog described in KB#6 didn´t turn up for me until I triggered / forced the change by going via the BIOS and exiting it with a Save. Then "Press F3 to disable Virtualization Based Security!" appeared.
  4. The whole Hyper-V un/install via Windows Features, also reiterated in the KB, is nonsense. You don´t un/install any other service each time you want to simply dis/enable it.
    Once the whole MiRKoSh*t Hyper-V - Credential Guard mess is disentangled you can switch Hyper-V off and on w/o un/installing it with
    bcdedit /set hypervisorlaunchtype off
    bcdedit /set hypervisorlaunchtype auto
    Please mind it´s "auto" to switch it on and not "on". Guess "on" would have been too intuitive and simple. <arrrggghh>
    And there are 15 (fifteen!) minute videos on Youtube to bring this point home! Who would have needed that then? <sigh>
  5. To install Ubuntu (16.04 LTS) on Hyper-V as Player alternative is not really easy or intuitive, especially the network portion.
    And that the clipboard doesn´t work at the end of 2017 A.D. is a real spoiler. That brought me back to try to get VMware Workstation to work again and invest another ton of hours.
  6. There seems to be Yet Another trap / dependency that bcdedit /set hypervisorlaunchtype off doesn´t work when an (e.g. Docker Linux) Hyper-V VM is running.
    After reboot Hyper-V was still on and the Docker VM was up. Stopping the Hyper-V VM before switch and reboot solved it.

With all that set straight I can now switch at MY will between Hyper-V VMs and Docker on one side and VMware on the other.

Hope this helps some poor souls who don´t get an answer here or are lost with all that misinformation and detours floating around.

Cheers

G.

Reply
0 Kudos