Environment:
My physical hardware has an older TPM that is not compatible with Windows 11. Therefore, I followed the instructions in VMware support article 86207 to use a virtual TPM for the Windows 11 guest.
Specifically, I used option 3A, which describes adding the following line to the guest's .vmx file:
managedVM.autoAddVTPM = "software"
This worked, and I was able to install and configure Windows 11 normally.
The problem now is that I am trying to move this VM to another host, but the new host is prompting me for a password to decrypt the VM - and I don't have that password.
After some additional reading/testing, I've found that encryption happens automatically when using the workflow in the aforementioned support article. But, Workstation neither prompts me to create a password, nor tells me which password it picked on my behalf. So, I seem to be stuck running the guest on this one host, at least for the moment.
Thanks in advance for your help.
Workaround
As a test, I created a new Windows 11 guest on my VMware Workstation host with the unsupported TPM (1.2) and was subsequently able to move it to and start it on a second VMware Workstation host, without being prompted for an encryption password.
In this case, I again followed the installation instructions in support article 86207 for steps 1 and 2. But, I skipped step 3 and instead used the workflow described in the "In case you do not want to Encrypt the Virtual Machine" section to create the BypassTPMCheck registry value.
I am going to rebuild the VM I created yesterday using this workaround. It'll take some time, but it's worth it to me at this early stage, to have the flexibility to move it once it's laden with more customizations.
Considerations
I get the gist of the Windows 11 TPM requirements and the basics of the blog that @RDPetruska referenced above. But, I'm no expert in TPM/Windows/VMware, so take the following with caution.
No one knows. This is, unfortunately, one of the limitations of using the experimental vTPM feature. See wila's blog https://www.vimalin.com/blog/what-you-should-know-about-vmwares-experimental-vtpm/ for more details.
Thanks!
@manniongeo wrote:
Would you mind posting a link to "wila's blog"? I see it now; thanks.
- Is there a better option where I can run a Windows 11 guest on a host that doesn't support Windows 11, and still be able to move the guest
Thanks!
1. Yeah, I posted my reply then looked for the link. Edited once I found it. You likely started replying in-between.
2. I honestly don't know. With everything I read about Win 11, I'm not touching it with a 10' pole. Seems too much like Vista to me.
Spent some time and figured out the password.
https://www.syvik.com/multidesk/howto.win11.vmware16.en.html
Hi Syvik,
Thank you for creating this utility. It works GREAT!
I was able to retrieve the password for the Experimental vTPM, which is unknown when using managedvm.autoAddVTPM = "software", and completely remove the encryption from my VM, so that I could upgrade it to the latest supported encryption mode in VMware Workstation 17.5.0.
Hi Syvik
I found your post after resetting windows and trying to reload an encrypted virtual machine. I've tried using your utility which looks great, but I'm getting an error message "Decrypt failed, error code 2148073483." I don't suppose you'd have any idea what I'm doing wrong? Many thanks
The decryption key was saved by Windows. If you have reset Windows, then the key was lost.
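Added example, not part of any post in this thread and not VMware's code: a check to run on a guest's .vmx text before moving the VM or resetting the host, which flags the managedVM.autoAddVTPM = "software" setting discussed above. The function names, finding codes and sample configurations are constructed for illustration, and treating an encryption.keySafe entry as the marker of an encrypted VM is an assumption about the .vmx contents.

```python
import re

# One .vmx setting per line, in the form: key = "value"
VMX_LINE = re.compile(r'^\s*([^\s=#]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse .vmx text into {lowercased key: value}.

    Keys are lowercased because the thread spells the setting both as
    managedVM.autoAddVTPM and managedvm.autoAddVTPM.
    """
    settings = {}
    for line in text.splitlines():
        match = VMX_LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings

def portability_findings(vmx_text):
    """Return (code, message) tuples describing why a VM may not start elsewhere."""
    cfg = parse_vmx(vmx_text)
    findings = []
    if cfg.get("managedvm.autoaddvtpm", "").strip().lower() == "software":
        findings.append(("AUTO_VTPM",
            "experimental vTPM: encrypted with a password the user never saw; "
            "per the thread the key is kept by the host's Windows install"))
    # Assumption: encrypted VMs carry an encryption.keySafe entry in the .vmx.
    if "encryption.keysafe" in cfg:
        findings.append(("ENCRYPTED",
            "VM is encrypted: confirm the password is known before moving it"))
    return findings

# Constructed sample configurations (not taken from a real VM).
SAMPLE_AUTO_VTPM = '''
.encoding = "windows-1252"
displayName = "Win11-test"
managedVM.autoAddVTPM = "software"
encryption.keySafe = "PLACEHOLDER"
'''
SAMPLE_BYPASS = '''
.encoding = "windows-1252"
displayName = "Win11-bypass"
'''

if __name__ == "__main__":
    for name, text in (("auto-vtpm", SAMPLE_AUTO_VTPM), ("bypass", SAMPLE_BYPASS)):
        codes = [code for code, _ in portability_findings(text)]
        print(name, codes or "no portability blockers found")
```

A VM that reports AUTO_VTPM should be treated as tied to its current host until the encryption has been removed or re-keyed with a password you chose.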