Search the VMware Knowledge Base (KB)
View by Article ID

Powering on a vm in VMware Workstation prior to version 12.5 on Windows 10 host where Credential Guard/Device Guard is enabled fails with BSOD (2146361)

  • 669 Ratings
Language Editions

Symptoms

Powering on a virtual machine in VMware Workstation prior to version 12.5 on a Windows 10 host where Credential Guard or Device Guard is enabled fails with a blue diagnostic screen (BSOD).
From VMware Workstation 12.5, you see error similar to:

VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard.



For more information, see Windows 10 host where Credential Guard or Device Guard is enabled fails when running Workstation (2146361)

Purpose

This article provides steps to disable Credential Guard or Device Guard for a Windows 10 Enterprise host.

Cause

This issue occurs because Device Guard or Credential Guard is incompatible with Workstation.

Resolution

To disable Device Guard or Credential Guard:
  1. Disable the group policy setting that was used to enable Credential Guard.
    1. On the host operating system, click Start > Run, type gpedit.msc, and click Ok. The Local group Policy Editor opens.
    2. Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security.
    3. Select Disabled.

  2. Go to Control Panel > Uninstall a Program > Turn Windows features on or off to turn off Hyper-V.
  3. Select Do not restart.
  4. Delete the related EFI variables by launching a command prompt on the host machine using an Administrator account and run these commands:

    mountvol X: /s
    copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
    bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
    bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
    mountvol X: /d

    Note: Ensure X is an unused drive, else change to another drive.

  5. Restart the host.
  6. Accept the prompt on the boot screen to disable Device Guard or Credential Guard.

See Also

Language Editions

zh_cn,2148465

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 669 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 669 Ratings
Actions
KB: