My PC applied the latest Windows Update (10.0.19041) last week, and then I deployed WSL2 and played a little bit with it. Today, as I wanted to start one of my VMware virtual machines, it greeted me with this message:
VMware Workstation and Device/Credential Guard are not compatible.
VMware Workstation can be run after disabling Device/Credential Guard.
There is a VMware Knowledge Base article on the topic, but it did not help me a lot. I tried disabling Device Guard and Credential Guard, but somehow, every setting was already conigured to disable both services.
Disabling Virtualisation-Based Security (VBS)
Running msinfo32
as an administrator revealed that Virtualisation-based security
was enabled. I found
this Microsoft article
which explains how to disable it. It requires mounting the boot disk as drive X:
and then running a bunch of bcdedit
commands:
mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
bcdedit /set vsmlaunchtype off
mountvol X: /d
I rebooted, Windows asked me to confirm that I wanted to disable the features at the very start of the boot sequence. I pressed F3 and voilà, or at least, that’s what I thought.
Disabling Hyper-V
I confirmed that VBS was indeed desactivated, then I tried again to start VMware. But this time, it complained that I had Hyper-V interfering, yet I had checked in the Turn on or off Windows features settings that Hyper-V was not enabled.
HyperVSwitch.exe showed that Hyper-V was indeed activated. I deactivated it and once again, rebooted my PC.
WTF?
When I attempted to launch VMware again, I was greeted with my initial error message, again:
VMware Workstation and Device/Credential Guard are not compatible.
VMware Workstation can be run after disabling Device/Credential Guard.
What was going on? Somehow, everything had been reverted back to the initial state. After some digging around, I decided to disable secure boot in the BIOS settings of my PC, then re-ran the scripts above and rebooted.
I’ve been able to successfully start my VM and I am back to normal. However, as I expected, WSL2 is no longer working, as it requires Hyper-V.
Please enable the Virtual Machine Platform Windows feature and ensure virtualization is enabled in the BIOS.
For information please visit https://aka.ms/wsl2-install
Yay.
There have been rumors that VMware is working on a Hyper-V compatible VMware Workstation version, so for now, I’ll wait, and restrain from using WSL2 on my main development machine.