VMware Cloud Community
nettech1
Expert

Convert from Legacy to UEFI

Hi,

I have a mix of 2016 & 2019 servers that need to be encrypted with MS BitLocker. All of the servers are configured with a legacy BIOS boot option. Switching to UEFI makes them unbootable. Just wanted to make sure I am on the right path here.

All servers are on 7.0 ESXi hosts. An easy way out is to create a GPO to allow BitLocker without TPM, but a long way would require a few steps.

1. Add WinPE ISO as a bootable device for a server I need to convert
2. Boot to WinPE and run mbr2gpt.exe to convert the OS drive from MBR to GPT.
3. Shut down the VM and switch BIOS from legacy to UEFI
4. Boot the server and verify no data was lost during conversion.
5. Enable secure boot
6. Configure KMS in vCenter (vCenter internal or external)
7. Add TPM device to guest server VM
8. Reboot Guest and start encryption inside the OS.

Please let me know if I am not on the right path here.

Thanks


0 Kudos
2 Replies
degvm
Enthusiast

Is the operating system set correctly in the VM settings? Is the compatibility mode / virtual hardware on the latest version?

The steps you mentioned are correct; we enable EFI and secure boot after switching to GPT. No issues. Also turning VBS on.

We use: mbr2gpt.exe /convert /allowfullos

0 Kudos
nettech1
Expert

Yeah, OS is set correctly. HW is set to 15 on some of the VMs; will work on getting everything to 19 next week. Thanks for confirming.

0 Kudos
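
A read-only check for the conversion steps discussed in this thread, added here as an example and not part of any participant's post. It runs in an elevated PowerShell 5.1 session inside the Windows guest and reports whether each stage (GPT, UEFI, secure boot, vTPM, BitLocker) has taken effect. Disk number 0 and drive C: are assumptions; adjust them to the VM's actual OS disk.

```powershell
# Added example: read-only state checks, run inside the guest as administrator.
# $osDisk and $osVolume are assumptions for illustration.
$ErrorActionPreference = 'Stop'
$osDisk   = 0      # assumed OS disk number
$osVolume = 'C:'   # assumed OS volume
$results  = [ordered]@{}

# Step 2: partition style. While still MBR, /validate runs mbr2gpt's layout
# checks without modifying the disk (/allowFullOS is needed outside WinPE).
$style = (Get-Disk -Number $osDisk).PartitionStyle
$results['PartitionStyle'] = $style
if ($style -eq 'MBR') {
    & mbr2gpt.exe /validate "/disk:$osDisk" /allowFullOS
    $results['Mbr2GptValidateExitCode'] = $LASTEXITCODE   # 0 = validation passed
}

# Step 3: firmware type as seen by Windows (Bios or Uefi).
$results['FirmwareType'] = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

# Step 5: Confirm-SecureBootUEFI throws on legacy BIOS firmware,
# so an exception is recorded as "secure boot not enabled".
try   { $results['SecureBoot'] = Confirm-SecureBootUEFI }
catch { $results['SecureBoot'] = $false }

# Step 7: the vTPM must be visible to the guest and ready for use.
$tpm = Get-Tpm
$results['TpmPresent'] = $tpm.TpmPresent
$results['TpmReady']   = $tpm.TpmReady

# Step 8: BitLocker status and protector types. The cmdlet is only present
# once the BitLocker feature is installed on Windows Server.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $blv = Get-BitLockerVolume -MountPoint $osVolume
    $results['VolumeStatus']     = $blv.VolumeStatus
    $results['ProtectionStatus'] = $blv.ProtectionStatus
    $results['KeyProtectors']    = ($blv.KeyProtector.KeyProtectorType -join ', ')
} else {
    $results['VolumeStatus'] = 'BitLocker feature not installed'
}

# A volume encrypted through the "allow BitLocker without TPM" GPO path
# will list no Tpm entry under KeyProtectors.
[pscustomobject]$results | Format-List
```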