Powering on a vm in VMware Workstation on Windows 10 host where Credential Guard/Device Guard is enabled fails with BSOD (2146361)

December 7, 2017 at 07:44 · Filed under pribados

baru nyalain lagi vmware workstation 14 pro mau implemen cdb nya pak djb, eh dapet notif vmware tidak bisa berjalan karena ada Credential Guard/Device Guard nya windows 10 dapat lah link ke vmware (https://kb.vmware.com/s/article/2146361)

berikut ringkasannya….

Powering on a vm in VMware Workstation on Windows 10 host where Credential Guard/Device Guard is enabled fails with BSOD (2146361)

Document Id

2146361

Symptoms

Powering on a virtual machine in VMware Workstation prior to version 12.5 on a Windows 10 host where Credential Guard or Device Guard is enabled fails with a blue diagnostic screen (BSOD).
From VMware Workstation 12.5, you see error similar to:

VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard.


For more information, see Windows 10 host where Credential Guard or Device Guard is enabled fails when running Workstation (2146361)

Purpose

This article provides steps to disable Credential Guard or Device Guard for a Windows 10 Enterprise host.

Cause

This issue occurs because Device Guard or Credential Guard is incompatible with Workstation.

Resolution

To disable Device Guard or Credential Guard:

  1. Disable the group policy setting that was used to enable Credential Guard.
    1. On the host operating system, click Start Run, type gpedit.msc, and click Ok. The Local group Policy Editor opens.
    2. Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security.
    3. Select Disabled.
  2. Go to Control Panel > Uninstall a Program Turn Windows features on or off to turn off Hyper-V.
  3. Select Do not restart.
  4. Delete the related EFI variables by launching a command prompt on the host machine using an Administrator account and run these commands:

    mountvol X: /s
    copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
    bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d “DebugTool” /application osloader
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path “\EFI\Microsoft\Boot\SecConfig.efi”
    bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
    mountvol X: /d

    Note: Ensure X is an unused drive, else change to another drive.

  5. Restart the host.
  6. Accept the prompt on the boot screen to disable Device Guard or Credential Guard.

Leave a Comment