VMware Communities
ggamont
Contributor
Contributor
‎03-26-2024 01:21 PM

Problem with nested virtualization in VMware on Dell Latitude 7440

Hi everyone:

I've already opened a ticket on Dell's Forum, but had no luck. Perhaps, someone has an idea about how to solve this problem:

Problem description: Error when trying to launch a VM with "Virtualize Intel VT-x/EPT or AMD-V/RVI" enabled to use nested virtualization ("VMware does not support nested virtualization on this host. Module 'HV' power on failed. Failed to start the virtual machine"):

vm_settings.png
vm_info_1.png
vm_info_2.png

Environment description:

  • Host: Laptop Dell Latitude 7440, 13th Gen Intel(R) Core(TM) i7-1365U
  • Host OS: Windows 11 Pro, version 23H2
  • Hypervisor: VMware Workstation 17 Pro , Version: 17.0.0 build-20800274
  • VM image: EVE-NG Community VM

Discards and tests made:

  • VM is usable with "Virtualize Intel VT-x/EPT or AMD-V/RVI" disabled.
  • I turned off "Hyper-V", "Virtual Machine Platform", "Windows Subsystem for Linux" features on "Turn Windows features or on off" without sucess.
  • I set "Turn On Virtualization Based Security" to "Disabled" on "Local Group Policy Editor" (Computer Configuration > Administrative Templates > System > Device Guard) without sucess.
  • I turned off "Memory integrity" on Windows "Settings" (Privacy & Security > Windows Security > Device Security > Core Isolation) without success.
  • I executed the following comand on Powershell as admin without sucess: bcdedit /set hypervisorlaunchtype off
  • Reference for previous discards made: https://communities.vmware.com/t5/Nested-Virtualization/Virtualization-Intel-VT-xEPT-it-not-supporte...
  • I disabled "Enable Pre-Boot DMA Support" and "Enable OS Kernel DMA Support" without success.

bios_change_1.png
bios_change_2.png

 

Preview file
22 KB
Preview file
23 KB
Preview file
26 KB
Preview file
1056 KB
Preview file
820 KB
0 Kudos
6 Replies
Technogeezer
Immortal
Immortal
‎03-26-2024 01:51 PM

Did you verify that all the steps you took to disable Hyper-V and associated technologies actually worked? Check the vmware.log file and look for a line starting "Monitor mode" which should be "CPL0" if you are running under the VMware hypervisor. If it says "ULM", you're still running some remnant of Hyper-V and you'll need to make sure you got ALL the settings right

 

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
ggamont
Contributor
Contributor
‎03-26-2024 02:21 PM

Hi Technogeezer, thanks for your answer. As you pointed out Monitor Mode says "ULM". So I will try to figure out what else I can do to actually get rid of Hyper-V.

 

2024-03-26T21:14:00.775Z In(05) vmx Powering on guestOS 'ubuntu-64' using the configuration for 'ubuntu-64'.
2024-03-26T21:14:00.775Z In(05) vmx ToolsISO: open of C:\Program Files (x86)\VMware\VMware Workstation\isoimages_manifest.txt.sig failed: Could not find the file
2024-03-26T21:14:00.775Z In(05) vmx ToolsISO: Unable to read signature file 'C:\Program Files (x86)\VMware\VMware Workstation\isoimages_manifest.txt.sig', ignoring.
2024-03-26T21:14:00.775Z In(05) vmx ToolsISO: Updated cached value for imageName to 'linux.iso'.
2024-03-26T21:14:00.775Z In(05) vmx ToolsISO: Selected Tools ISO 'linux.iso' for 'ubuntu-64' guest.
2024-03-26T21:14:00.780Z In(05) vmx Vix: [mainDispatch.c:4213]: VMAutomation_ReportPowerOpFinished: statevar=1, newAppState=1873, success=1 additionalError=0
2024-03-26T21:14:00.780Z In(05) vmx DEVSWAP: GuestOS does not require LSI adapter swap.
2024-03-26T21:14:00.781Z In(05) vmx Monitor Mode: ULM
2024-03-26T21:14:00.781Z In(05) vmx MsgHint: msg.loader.mitigations.wsAndFusion
2024-03-26T21:14:00.781Z In(05)+ vmx You are running this virtual machine with side channel mitigations enabled. Side channel mitigations provide enhanced security but also lower performance.
2024-03-26T21:14:00.781Z In(05)+ vmx
2024-03-26T21:14:00.781Z In(05)+ vmx To disable mitigations, change the side channel mitigations setting in the advanced panel of the virtual machine settings. Refer to VMware KB article 79832 at https://kb.vmware.com/s/article/79832 for more details.
2024-03-26T21:14:00.781Z In(05)+ vmx ---------------------------------------
0 Kudos
bluefirestorm
Champion
Champion
‎03-26-2024 05:10 PM

The "Enable OS Kernel DMA Support" in the host UEFI should be "OFF". You should see in msinfo32 "Kernel DMA Protection" as "Off". If it is not "off" despite turning off "Enable OS Kernel DMA Support", try turning "OFF" "VT for Direct I/O" as kernel DMA protection has a dependency on VT-d.

The "Virtualization-based security" value should be "not enabled" as well in msinfo32. A value of "Running" would also result in "ULM" instead of "CPL0" for VMware VMs.

 

ggamont
Contributor
Contributor
‎03-26-2024 08:04 PM

Hi bluefirestorm , I disabled "Enable OS Kernel DMA Support" and "Enable Intel VT for Direct I/O" on the BIOS (see 
bios_setup_virtualization_support_1.png, and bios_setup_virtualization_support_1.png).

After the machine booted up, system information showed "Kernel DMA Protection" as "OFF" but "Virtualization-based security" still showed "Running" status (see  system_info.png). Unfortunately, Monitor Mode is still ULM.

Preview file
1118 KB
Preview file
1306 KB
Preview file
94 KB
0 Kudos
bluefirestorm
Champion
Champion
‎03-26-2024 08:28 PM

The UEFI setting only affects the "Kernel DMA Protection".

The msinfo32 screenshot shows "Windows Defender Application Guard" as "Enforced"; the "Windows Defender Application Guard" from the turn on/off Windows feature also has to be removed (aside from WSL2, Virtual Machine Platform, Windows Sandbox, etc).

As for VBS, you could try one more round with this post (try Phase 2 and Phase 3).
https://communities.vmware.com/t5/VMware-Workstation-Pro/Disabling-Hyper-V-hypervisor-on-Windows-11-...

If the machine is a member of an AD domain (maybe it is??? AzureAD\ is prefixed to the User Name in msinfo32), things like VBS can be enforced through Domain Policy as well, if that is the case you will need to talk to your AD Domain Admin.

 

ggamont
Contributor
Contributor
‎03-26-2024 09:02 PM

Finally worked with Phase 3 procedure of the referenced link https://communities.vmware.com/t5/VMware-Workstation-Pro/Disabling-Hyper-V-hypervisor-on-Windows-11-...

I'm attaching some screenshots so other people with the same problem can use them as complement of the referenced link.

1. in_reboot_confirmation_1.png
2. in_reboot_confirmation_2.png
3. after_reboot.png

Finally, the vmware.log for the VM shows: "vmx Monitor Mode: CPL0"

Thanks to everyone for your help!

 

Preview file
101 KB
Preview file
561 KB
Preview file
929 KB
0 Kudos