2 Replies Latest reply on Jun 13, 2018 2:56 PM by lmcwilli

    Powering on a vm in VMware Workstation on Windows 10 host where Credential Guard/Device Guard is enabled fails with BSOD (2146361)

    chchia Lurker

      I followed this guide

       

      VMware Knowledge Base

       

      but seems like this is not the permanent solution? i need to repeat the command line in #4 every time i restarted the host!

       

      is there any permanent solution for this?

       

      my windows is Windows 10 17074. vmplayer 14.

        • 1. Re: Powering on a vm in VMware Workstation on Windows 10 host where Credential Guard/Device Guard is enabled fails with BSOD (2146361)
          RaviKaushika Lurker

          dear chchia,

           

          good morning.  I too have the same problem; our staff also followed a you tube video and the steps suggested - the problem persists after a reboot of the host.

           

           

          bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
          bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
          bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
          bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
          bcdedit /set hypervisorlaunchtype off


          Note: after restart accept the disabling by clicking on F3. (twice)

          https://www.youtube.com/watch?v=CGpv2Dvzyeg

           

          thanks and regards

          ravi.

          • 2. Re: Powering on a vm in VMware Workstation on Windows 10 host where Credential Guard/Device Guard is enabled fails with BSOD (2146361)
            lmcwilli Novice

            I am running VMware Workstation v14.1.2 build-8497320 on Windows 10 Enterprise on a Lenovo P50.

            Today after a Windows 10 update, and installing Docker for Windows, none of my VMware Workstation VMs would open: CentOS, Ubuntu, Windows7.

            I received the following message:

            The link provided in the above error message states: “VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard”.

            The link went on to describe how Device/Credential Guard may be disabled by running gpedit.msc.

            When I attempted to run this command, as administrator, I get the following error:    

            This likely because corporate security restricts what I can change on my laptop.

            Another solution that I found was that Device/Credential Guard may be disabled by running the Device Guard and Credential Guard hardware readiness tool. I tried running this from the Powershell, as admin, and got the message that running scripts is not permitted. This is also likely a restriction imposed by corporate security.

             

            What worked for me

            After traveling down the above two “rabbit holes”, it occurred to me that perhaps neither Device/Credential Guard nor Windows update were the culprits but rather the Docker for Windows install I just did. Specifically, Docker for Windows had enabled Hyper-V.

            As soon as I turned off this feature and rebooted, my VMs worked again!

             

            I posted this solution on our corporate Windows 10 support site and was told the following by our support person:

             

            "VMware is UNSUPPORTED on Win10.   Hyper-V is the only supported VM. I suspect you will have additional pain when we the security team gets around to fully enabling Device-Guard."

             

            This made the prospects for VMware Workstation on Windows 10 appear to be grim.

            Will I have to switch to a Linux desktop to continue using VMware Workstation?