DanRaymond65
VMware Employee
VMware Employee

VMware Workstation Pro 16.2.1 Build18811642 Unable to launch nested ESXi VMs

I recently started experiencing an issue where previously nested ESXi hosts would run on my Dell 5550 laptop with the Virtualized Intel VT-x/EPT enabled in the BIOS. Any existing ESXi VM or new ESXi VM receive the following error when attempting to start the VM - Virtualized Intel VT-x/EPT is not supported on this platform. Continue without virtualized Intel VT-x/EPT? 

Any ideas?

0 Kudos
7 Replies
bluefirestorm
Virtuoso
Virtuoso

That means Windows Hypervisor API ULM is used for the VMM instead of Intel ring-0 VT-x.

Remove Hyper-V from the host and/or make sure Memory Integrity is off.

Remove Hyper-V follow this KB https://kb.vmware.com/s/article/2146361
For Memory Integrity go to Windows Security -> Device Security -> Core Isolation

 

0 Kudos
DanRaymond65
VMware Employee
VMware Employee

@bluefirestorm Thank you for the quick reply. I have reviewed the kb article and have confirmed that Hyper-V is not installed and Memory Integrity is off. I even followed some steps using bcdedit and gpedit to change settings per the kb article without any luck. I am still getting the same errors when I attempt to launch any nested VM.

0 Kudos
bluefirestorm
Virtuoso
Virtuoso

You can verify the vmware.log of any VM that Workstation still detects Hyper-V.

In(05) vmx IOPL_Init: Hyper-V detected by CPUID
In(05) vmx Monitor Mode: ULM

Did you also do the

“bcdedit /set hypervisorlaunchtype off” step in the KB?

If the laptop is a member of a Windows domain, Group Policy might be enforcing things like Memory Integrity even though it is not enabled on the local machine.

0 Kudos
DanRaymond65
VMware Employee
VMware Employee

I looked in the vmware.log file of the VM I'm attempting to launch and I am indeed seeing the following items in the log file:

In(05) vmx IOPL_Init: Hyper-V detected by CPUID
In(05) vmx Monitor Mode: ULM

I did run the bcdedit /set hypervisorlaunchtype off per the kb.

Yes, the laptop is a corporate device and a member of a Windows domain. Is there a way to confirm if a domain GPO is enforcing settings?

I have opened an internal support case.

 

0 Kudos
Mikero
Community Manager
Community Manager

GPO might be enforcing Bitlocker or other VBS features (device guard, credential guard?), which deploy Hyper-V.

We do have Slack #fusion-workstation tho, fellow employee 🙂

-
Michael Roy - PM/PMM: Fusion & Workstation
0 Kudos
rm_bk
Enthusiast
Enthusiast

gpresult /h test.html

Then open the resulting html file with Internet Explorer (ideally, though Chrome is OK too).

This will reveal everything Group Policy is doing.

 

0 Kudos
mmarticke
VMware Employee
VMware Employee

Hi all, I have the same issue and I urgently need the nested cluster for a channel demo? Any update on this? Thanks!

0 Kudos