Re: VM encrypted itself, don't know the password (... - Page 2

digifox55 · ‎10-24-2023

Hello, I read these topics: VM-encrypted-itself-don-t-know-the-password and VM-asking-for-password but I still need help.

I updated Fusion 13 Pro from v. 13.0.2 to 13.5 a few days ago. I have a M2 MacBook with Sonoma, and run several vms of Win11 ARM.

After updating I noticed that I could only open my default vm file, all the other vms raised a popup saying "The virtual machine "Windows 11 64-bit arm" is encrypted. You must enter its password to continue.". I am sure I had never enabled encryption before. In fact I could close and reopen my default vm with no password prompt.

After noticing that my def-vm wasn't properly scaling the resolution anymore (no way to stretch it to fit it to the window), I decided to downgrade to 13.0.2. As soon as I went back to 13.0.2 not only my other-vms kept asking me the password, but also my def-vm has become encrypted with the same prompt. I went back to 13.5 again and def-vm is still encrypted.

Any ideas to recover my instances? Could a full macos time-machine backup lead me to a point where the vms aren't encrypted?

Thank you so much in advance!

Technogeezer · ‎01-06-2024

When creating a virtual machine for Windows 11 ARM using the Fusion wizards, you had to select what style of encryption to use for the VM. It also asked you to either provide an encryption password or to auto-generate one. If you auto-generated one, the password is displayed. for you.

It also provided a box to save the password in the Mac's keychain. I believe that this is set by default. If you unchecked this box, a warning was blasted out that if you don't remember the password, your data will be lost.

I hope you did not simply "click through" these things without understanding what you were doing.

If you left this box checked, your VM's password is saved in the Keychain. If that occurred, use the Mac's Keychain Access utility to open the keychain, and search for "VMware Fusion Encryption" entries. If you highlight it, the "Where" field in the entry will point to the VM it's holding the key for. You can display the password from there.

My "cookbook" solution to the problem is for you to remember the password for the VM in the password management system of your choice after either typing it in yourself or auto-generating it (remember, it will be displayed for you to remember should you auto-generate it). Don't rely on the Keychain - you always need a backup for anything you do on a computer to cover the "just in case" scenarios.

You might want to take a look at the available Fusion and macOS documentation to move yourself from being a "rookie" and move the upper end of your expertise. You'll get more out of Fusion and macOS if you do.

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides

CATTS-IT · ‎01-06-2024

Hi Paul,

I understand all that, the issue I have is that an update of Fusion resulted in an unencryoted VM being encrypted without my knowledge during the update process. This is certainly an undocumented "feature" which should have been publicised to ensure that users werent caught out, losing access to their VM's which in some cases may have had important configs or data within them.

I investigated this at length and was unable to get access to my original VM resulting in having to build a new replacement VM, which I was asked to provide an encryption key for this time. The Macs Keychain had nothing relating to this in it.

So to summarise, this is a failing in the Fusion update process, documentation and Read-me info which should have been published and provided this bit of important info. Having started my career in computing back in 1979, I have worked with VM's from Mainframes through to todays versions and so dont believe I am a 'rookie' as such. No previous Fusion update has automatically encrypted a VM so why would I have expected this particular update to cause to much grief. The other factor was that even going back to an unencrypted back up resulted in the VM being locked whn I restored it.

Technogeezer · ‎01-06-2024

My understanding was from my last response was that the poster immediately prior to my response had created a brand new VM in Fusion 13.5. I may have misunderstood that post for which I apologize.

I will agree with you that there is a failure in VMware’s upgrading to the new encryption that bricks a working VM. It’s compounded by VMware’s broken experimental vTPM in Fusion 12 and then encouraging people to use it. That alone was guaranteed to cause problems in the future for anyone that used it.

I’m still curious about the cases where Fusion 13 and later has “automatically encrypted” a Windows 11 VM without the user’s knowledge. A new Windows 11 VM in Fusion 13+ will have encryption applied (because the TPM is automatically included for windows 11) but the user should be prompted for the type of encryption and the key. An unencrypted VM should not be subjected to the new encryption conversion since it was never encrypted in the first place unless there something else amiss that isn’t obvious.

Does anyone have a “before” .vmx file from a backup of a VM taken before an upgrade, and then an “after” .vmx file where the VM has “encrypted” itself? Or has a problem with the encryption?

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides

Simell1968 · ‎03-21-2024

I have had the same issue with an update to 13.5.1, which has encrypted my VM for some reason. I have been using this VM for a year or so and it's never asked for a password before this morning when I got to site.

Technogeezer · ‎03-21-2024

@Simell1968 can you provide more details? What OS is running in the guest VM? Can you post the .vmx file of the VM and how the virtual hard drive is configured (single file or split into multiple pieces)?

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides

All

VM encrypted itself, don't know the password (part.2) (after 13.5 update)