• Powering on the virtual machine in VMware Workstation 12.5 or later version on a Windows 10 1909 or earlier host fails to start in following situation:
  • Credential Guard/Device Guard is enabled.
  • Windows Sandbox is enabled
  • Virtual machine platform is enabled
  • WSL2 is enabled
  • Hyper-V is enabled

• Error message in VMware Workstation Pro/Player similar to:

VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard.

This issue occurs because Hyper-V is incompatible with Workstation Pro or Workstation Player.

Process to troubleshoot the error:

To troubleshoot the error follow the steps below:

• If your Host has Windows 10 20H1 build 19041.264 or newer, upgrade/update to Workstation 15.5.6 or above.

• If your Host has Windows 10 1909 or earlier, disable Hyper-V on the host to resolve this issue.

Steps to Disable Hyper-V:

• Credential Guard/Device Guard
• Windows Sandbox
• Virtual machine platform
• WSL2
• Hyper-V

Verify Virtualization-based Security (VBS) is Enabled/Not Enabled:

1. Turn Off Hyper-V

1. Go to "Turn Windows features on or off"
2. Make sure Hyper-v is not ticked.
3. If it is Ticked, untick it and click "Ok".

2. Open command prompt window as an administrator   

1. Run “bcdedit /enum {current}”
2. Note down the hypervisorlaunchtype in case this needs to be reverted
3. Run “bcdedit /set hypervisorlaunchtype off” to disable hypervisor Close the command prompt after   executing the commands and restart the system.

We should be able to power on the Virtual Machine in Workstation now.
 

Process to turn off virtualization-based Security:

Below steps can be followed to turn off virtualization-based Security for Windows 10 Home & Pro:

For Microsoft Windows 10 Pro & above:

1. Edit group policy (gpedit)
2. Go to Local Computer Policy > Computer Configuration > Administrative Templates > System
3. Double Click on Device Guard on the right hand side to open.
4. Double Click on "Turn On Virtualization Security" to open a new window
5. It would be "Not Configured", Select "Disable" and click "Ok"
6. Close the Group Policy Editor.
7. Restart the system

For Microsoft Windows 10 Home:

Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 256986.

1. Open Registry Editor
2. Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > DeviceGuard
3. On the right-hand side, write a new key

      a. Right Click > New > DWORD (32-bit) Value

      b. Name this Value "EnableVirtualizationBasedSecurity"

          By default, it should be 0, Double click, and confirm the value

      4. Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa
      5. On the right-hand side, write a new key

       a. Right Click > New > DWORD (32-bit) Value

       b. Name this Value "LsaCfgFlags"

 By default, it should be 0, Double click, and confirm the value

For more information on Device Guard or Credential Guard, see the Microsoft article Manage Windows Defender Credential Guard.

Disclaimer: VMware is not responsible for the reliability of any data, opinions, advice, or statements made on third-party websites. Inclusion of such links does not imply that VMware endorses, recommends, or accepts any responsibility for the content of such sites.

Minimum requirement for Windows Host VBS support in VMware Workstation

Impact/Risks:
Hyper-v virtual machine cannot be started after this change.