esSJae's Virtualization Blog

Virtualization and other IT topics

Archive for the ‘Workstation’ Category

Hyper-V, Credential Guard, Device Guard, or why doesn’t VMware Workstation or VirtualBox work on Windows 10?

Posted by essjae on June 21, 2019

It’s frustrating if you’re seeing the the message from VMware Workstation about Device Guard or Credential Guard or the similar one from VirtualBox.

But, there are a few thing to clarify before going off on a search for those devices.  First, if you’ve got Hyper-V installed, that is the most likely culprit here and disabling or removing that feature should solve your issue.

Some things to consider:

If you’ve got Windows 10 Home, then you don’t have Hyper-V enabled. See: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/hyper-v-requirements

If you have Windows 10 Home or Pro you do not have Credential Guard enabled.  It is a feature only in Enterprise, Education, and IoT Enterprise versions of Windows 10. See: https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements

 

This is great info, but what do you do about getting Workstation or VirtualBox to work?

Again, the most likely culprit is Hyper-V.  Disabling or removing and a reboot should resolve this.

Disable or Remove Hyper-V

Disable Hyper-V

Open an elevated command prompt or PowerShell (right-click and select Run as Administrator)

Enter: bcdedit /set hypervisorlaunchtype off

Reboot.  (To re-enable Hyper-V, open an elevated prompt and enter:  bcdedit /set hypervisorlaunchtype auto and reboot.)

Remove Hyper-V

Go to Control Panel–>Programs and Features, select Turn Windows features on or off.

Expand Hyper-V, then expand Hyper-V Platform.

Uncheck Hyper-V Hypervisor.

Reboot.  Please note that removing Hyper-V could affect the functionality of other features of Windows 10 such as Docker.

Windows Hypervisor Platform

While this is supposed to allow 3rd party virtualization to access the hardware virtualization on the host, it doesn’t seem to work for either Workstation or VirtualBox.  Workstation  gives the same standard Credential Guard message.  VirtualBox is supposed to work per their changelog, but the communities have posts reporting failure and a bug report on it.

Disable Windows Hypervisor Platform

Go to Control Panel–>Programs and Features, select Turn Windows features on or off.

Uncheck Windows Hypervisor Platform

Reboot.

 

Disable Device Guard

Editing the Registry will disable this feature.  Please make sure you have a backup of your system, as editing the Registry can result in an unusable or broken Windows.

Edit the following key:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity

Set:  Name = “Enabled”  Type =dword  Data = 0

Reboot.

Alternately, you can use the Local Group Policy Editor to manage Device Guard.

Start gpedit.msc or find Local Security Policy from the start menu.

Expand Computer Configuration\Administrative Templates\System\Device Guard and change the state to disabled.  If you see the same settings as below, you probably don’t have Device Guard enabled.

Credential Guard

Credential Guard is controlled via Group Policy, so it’s likely that if this is the issue, you’ll be unable to do anything about it yourself.  You’ll need to contact your IT department to have this turned off.  Again, Credential Guard is only available on Enterprise, Education, and IoT Enterprise.  If you don’t have one of these versions, this isn’t the culprit.

 

Antivirus Utilities

There is one more culprit that could be causing the issue.  Some antivirus software blocks hardware virtualization.

Check with your antivirus vendor to confirm this isn’t an issue and if there is a way to disable it on your AV software.

 

Due to the various builds of Windows 10, you might not find these settings in exactly the same place as described or shown.

 

More info:  https://support.microsoft.com/en-us/help/3204980/virtualization-applications-do-not-work-together-with-hyper-v-device-g

 

 

 

Advertisement

Posted in Hyper-V, VirtualBox, Virtualization, VMWare, Windows 10, Workstation | Tagged: , , , , , , | Leave a Comment »

Setting Up an All-in-One Windows AD Test Environment (VMware Workstation Edition)

Posted by essjae on January 23, 2019

Build a basic all-in-one lab in VMware Workstation. This how-to shows you how to build a virtual Windows Active Directory environment isolated from your home or work network. This is a follow-up to my same procedure in VirtualBox:  https://smudj.wordpress.com/2019/01/17/setting-up-an-all-in-one-windows-ad-test-environment-virtualbox-edition/

Note: I’m no AD expert, there are better, worse, and different ways to do this and you’re not required to use VMware Workstation.

Requirements:
16GB RAM minimum
SSD or multiple HDDs
Quad-core or better CPU with hardware virtualization enabled

  1. Download the necessary software. Download the ISO for the OSes you’ll be installing. For this example, I’ll be using IPFire and the MSDN versions of Windows Server 2016 and Windows 10 Pro.
    1. VMware Workstation Pro: https://www.vmware.com/products/workstation-pro.html
    2. Windows OS Evaluation: https://www.microsoft.com/en-us/evalcenter/
    3. IPFire: https://www.ipfire.org/download/ipfire-2.21-core124
  2. Create a folder for your test environment. 
    1. In Workstation, right-click My Computer and click New Folder.  Enter a name like “Allin1 AD” and press Enter.  Click your new folder to select it.
  3. Create an internal network.
    1. Click Edit–>Virtual Network Editor.
    2. Click Change Settings, click Yes at the UAC prompt.
    3. Click Add Network, select a network.  For this example, we’ll use VMnet15.  Click OK.
      1. Under VMnet Information, verify that Host-only is selected.
      2. Uncheck Connect a host virtual adapter to this network.  *This will prevent your physical host from accessing the test environment.
      3. Uncheck Use local DHCP service to distribute IP address to VMs. *We will use the Windows server’s DHCP and DNS for this environment.
      4. Change the subnet address to 192.168.15.0 **Any IP subnet can be used here.  To prevent confusion, use a unique IP range.  10.0.15.0, 10.15.0.0, 172.16.0.0 and 172.16.15.0 are all alternative options. Choose an appropriate subnet.   For the labs purposes, a 255.255.255.0 subnet is acceptable.  Click Apply
      5. Verify your settings for VMnet15 and click OK.
  4. Create your IPFire Router VM
    1. Click File–>New Virtual Machine or CTRL+N.
    2. Select Custom and click Next to begin the New Virtual Machine Wizard.
    3. Click Next, the default hardware compatibility is fine.
    4. Select Installer disc image file (iso) and click Browse.  Go to the location from step 1.3 where the IPFire ISO is located.
      1. Select the ISO and click Open.  
      2. Click Next
    5. Select Linux as the guest OS and click Next.  *IPFire is built from scratch and not based on any Linux distro.
    6. Enter IPFire for the VM’s name.  Select the appropriate location for your VM.  For this document, the name is ipfire-wpdoc and the location is C:\VMs\ipfire-wpdoc
    7. Click Next.
    8. One processor is enough for our IPFire router, click Next.
    9. 512MB is the minimum requirement for IPFire.  Click 512MB and click Next. (https://wiki.ipfire.org/hardware/requirements)
    10. Network type.  Select host-only networking and click Next.
    11. Click Next to select the default I/O controller type.
    12. Click Next to select the default disk type.
    13. Click Next to create a new virtual disk.
    14. Change the disk size to 4GB and click Next. *2GB is the minimum, 4GB is recommended for logs and add-ons. See 4.9 above. 
    15. Click Next to accept the default disk file name and location.
    16. Click Customize Hardware.
      1. Click Add…, 
      2. Click Network Adapter.  
      3. Click Finish.
        1. The new network adapter, network adapter 2, will be selected.  Select NAT or Bridged for the network connection. **NAT will provide a more isolated environment, where bridged will allow the IPFire VM an IP address on your host’s network.  NAT will be used for this document.
        2. Click Advanced. Click Generate under MAC Address.  Make note of this address.  We will need the address when assigning network types in the IPFire installation.  Click OK.
      4. Click Close.
    17. Click Finish.
    18. Click Edit Virtual Machine Settings
      1. Click Network Adapter
      2. Click Custom, select VMnet15, click OK.
    19. Drag the IPFire VM into the folder created in 2.1 above. 
  5. Install IPFire
    1. Click Power on this virtual machine.
    2. Click the IPFire splash screen and press Enter.  
    3. Press Enter to accept the default language selection.
    4. Press Enter to Start Installation. 
    5. Press Tab, press the spacebar to select I accept this license.  Press Tab again and press Enter.
    6. Press Enter to Delete all data.  
    7. Press Enter to accept the default file system.
    8. Press Enter to reboot.
  6. Configure IPFIre
    1. Press Enter to select the default keyboard layout.
    2. Change the timezone.  For this document PST8PDT will be used.  Press Enter.
    3. Press Enter twice to accept the default hostname
    4. Press Enter twice to accept the default domain
    5. Root password.  Enter a password and press Enter twice. Press Enter to continue. 
    6. Enter a password and press Enter twice.  *this is for the admin password, it can be the same for simplicity. 
    7. Press Enter to continue. 
    8. Use the arrow key to move down to Drivers and card assignmentspress Enter.
      1. Green — This is our internal test environment network.  It will have no direct access to the Internet or the host’s network.
        1. Press Enter to select
        2. Compare the MAC addresses and use the one that was not generated in step 4.16.3.2.
        3. Use the arrow keys to select the correct interface and press Enter.  To move between fields, use the Tab key.
      2. Red — this will allow the test environment external access via the NAT network.
        1. Use the arrow key to select Red and press Enter.
        2. There should only be one interface left to select.  Press Enter. 
    9. Both network cards should now be assigned.  Use Tab to move to Done and press Enter.
    11. Tab to Address Settings and press Enter.
      1. Press Enter to reconfigure the Green interface.
      2. Press Enter to acknowledge the warning.  We are not connected remotely, so this does not apply.
      3. Since we are using the 192.168.15.0 subnet, we will assign a 192.168.15.1 IP address to the Green interface as it will be our gateway IP address.  The default subnet mask does not need to be changed.  Press Enter three times to accept the IP, subnet, and return to Address Settings.
      4. Use the arrow key to select Red.  Press Enter.
      5. The Red interface will get an IP address from Workstation’s NAT.  Using the arrow keys and spacebar, select DHCP.  Use Tab to move to OK and press Enter.
      6. Use Tab to move to Done and press Enter
    12. DNS and Gateway settings are only needed if using a static IP. Since we are using DHCP, there is nothing to change here. Tab to Done and press Enter.
    13. We will be using Windows DHCP so we do not need to enable IPFire’s DHCP server.  Tab to OK and press Enter.
    14. Setup is complete.  Press Enter.
    15. Login with root and verify that you can ping an external IP address like 4.2.2.2 or 8.8.8.8.  Press CTRL+C to break the ping.  If unable to ping, verify the network configuration is correct above.
  7. Create a Windows Server 2016 VM.
    1. Press CTRL+N, select Custom, click Next.
    2. Click Next, the default hardware compatibility is fine.
    3. Select Installer disc image file (iso) and click Browse.  Go to the location from step 1.2 where the Windows Server ISO is located.
      1. Select the ISO and click Open.  
      2. Click Next
    4. Click Next to skip the Easy Install InformationClick Yes to accept the product key prompt.
    5. Enter a VM name and location.  For this document, the name is W2016DC1 and D:\VMs\Virtual Machines\W2016DC1
    6. Click Next to select the default BIOS.
    7. Select One Processor and Two Cores. Click Next.
    8. Set RAM to 4096MB. If you have more than 16GB of RAM, you can increase to 6 or 8GB, if needed. Click Next.
    9. Select use host-only networking and click Next.
    10. Click Next to select the default I/O controller type.
    11. Click Next to select the default disk type.
    12. Click Next to create a new virtual disk.
    13. Change the Maximum disk size to 80.0 GB.  Click Next 
    14. Click Next to accept the default disk file name and location.
    15. Click Finish.
    16. Click Exit virtual machine settings.
      1. Click Network Adapter.
      2. Select Custom, VMnet15, and click OK
  8. Install Windows 2016
    1. Install Windows as you normally would.
  9. Configure Windows Server and Domain
    1. Enter the IP information. The IP needs to be on the same subnet as configured for the GREEN network. EX: 192.168.15.200, GW: 192.168.15.1, DNS: 127.0.0.1 since we’ll be creating a domain controller with DNS and DHCP services. *Remember to use the IP address entered in step 6.11.3 for the gateway address.
    2. You should be able to ping an IP address like 192.168.1.15 and 4.2.2.2, but not a DNS name.
    3. Change the name of your server and reboot.
    4. Start the Add Roles and Feature Wizard
      1. Add the following roles:
      –Active Directory Domain Services
      –DHCP Services
      –DNS Services
      2. Follow the wizard’s steps.
      3. Promote: Add a new forest.
      4. Enter your domain name and follow the wizard.  –you will get a warning about DNS, this will be resolved later.
    5. Configure DNS and DHCP
      1. DNS.  We need to add a forwarder for our DNS settings.
        1. From Administrative Tools, open DNS
        2. Right-click on your server and click Properties.
        3. Click the Forwarders tab
        4. Click Edit, and add your external DNS servers like 4.2.2.1, 4.2.2.2, 8.8.8.8, and 8.8.4.4.
      2. DHCP
        1. Double-click DHCP from Administrative Tools
        2. Expand IPv4 and right-click, click New Scope from the menu.
        3. Enter an IP range, ex: 192.168.211.50 to 192.168.211.100
        4. The remaining settings can be default for now.
        5. When asked to configure scop options, verify “Yes” and click Next.
        6. Router/Default gateway will be the IP we used to configure the GREEN NIC, ex: 192.168.15.1
        7. Domain name and DNS should be pre-configured. You should see the server’s IP in IP address box, ex: 192.168.15.200
        8. WINS does not need to be configured at this time.
        9. When prompted to activate scope, verify “Yes” and click Next.
        10. Click Finish to complete the wizard.
        11. Right-click on the server’s name under DHCP, and click Authorize from the menu. Refresh and IPv4 should have a green circle with a white check mark
    6. More details for setting up an DC in Windows 2016 can be found here: https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
  10.  Managing IPFire via web interface
    1. IPFire can be accessed via web browser.  Enter Enter https://ipfire_ip-address:444, in this document it will be https://192.168.15.1:444
    2. You will get a certificate error when accessing the IPFire management page.
  11. Adding Client VMs
    1. Add your Windows Client OSes.  Install Windows as usual, make sure to set your VM’s network to the custom VMnet15.
  12. Completion! 

Here’s the all-in-one pic!

  • VMware Workstation
  • IPFire
  • Windows 2016 DC via RDP
  • Windows 10 

 

Posted in Linux, Networking, Virtualization, VM OS Install, VMWare, Windows, Windows 2016, Windows 2016, Workstation | Tagged: , , , , , , , | 2 Comments »

VMware Workstation 12 released 26Aug2015

Posted by essjae on September 1, 2015

A little late, I know!

Also, VMware Workstation Player (formerly known as Player Pro) – See more

Player, Workstation, and Workstation Player Comparison

VMware Workstation 12 Pro Release Notes

VMware Workstation 12 Pro | 24 AUG 2015 | Build 2985596

Last updated: 26 AUG 2015

Check for additions and updates to these release notes.

What’s in the Release Notes

The release notes cover the following topics:

About VMware Workstation Pro

VMware Workstation Pro enables technical professionals to develop, test, demonstrate, and deploy software by running multiple x86-based Windows, Linux, and other operating systems simultaneously on the same PC.

You can replicate server, desktop, and tablet environments in a virtual machine and allocate multiple processor cores, gigabytes of main memory and graphics memory to each virtual machine, whether the VM resides on a personal PC or on a private enterprise cloud.

For more information, see the broader VMware Workstation documentation or specifically the VMware Workstation 12 Pro Documentation Center.

What’s New

The following support is new in Workstation 12 Pro:

  • Full support of Windows 10
    VMware Workstation Pro provides the following support for Windows 10:

    • Run Windows 10 as a virtual machine
    • Run Windows 10 as a host operating system
    • Windows 10 Auto Detect and Easy Install
    • Unity support for Windows 10
    • Migrate Windows 10 PC to a virtual machine
  • New guest operating systems support
    Support has been added for the following operating systems:

    • Ubuntu 15.04
    • Fedora 22
    • CentOS 7.1
    • RHEL 7.1
    • Oracle Linux 7.1
    • VMware Project Photon
  • Advanced graphics
    Support has been added for the following standards:

    • DirectX 10
    • OpenGL 3.3
  • Performance improvements for suspending and resuming encrypted virtual machines
  • Improved vCloud Air Integration (Workstation Pro on Windows only)
    • Power operation on remote virtual machines
    • Enhanced user experience
  • Support IPv6 NAT network
  • Tear away tabs
    You can drag open tabs out of the Workstation Pro window into new or already existing Workstation Pro windows.
  • Automatically suspend virtual machines upon host shutdown
  • Support 4K monitors with high resolution UI
  • Support for multiple monitors with different DPI settings
  • Echo cancellation for voice and video calls with Microsoft Lync and Skype
  • Added USB 3.0 support to Windows 7 virtual machines (with the latest Intel USB driver)
  • Improved standard installer
  • Added NAT network configuration in Virtual Network Editor on Linux hosts
  • Respect left-handed mouse setting on Windows host

The following features have reached end of life in Workstation 12 Pro and have been removed:

  • Unity mode on Linux guest and host operating systems
  • Integrated Virtual Debugger Visual Studio
  • Connection to the VMware vCloud Air subscription service (The VMware vCloud Air OnDemand service is still fully supported)

Posted in Virtualization, VMWare, Workstation | Tagged: , , , , | Leave a Comment »

VMWare Workstation 11 now available!

Posted by essjae on December 15, 2014

http://www.vmware.com/products/workstation/features.html

Lots of new features, and a big performance boost for Haswell CPUs, 2GB of video memory,  Windows 10 TP ready, QHD+ resolutions, and more!

I originally wrote this up when it was on sale for a 30% discount.  I guess I went over and purchased my upgrades and forgot to come back and publish this.

Posted in Virtualization, VMWare, Workstation | Leave a Comment »