VMware Workstation Incompatible with Device/Credential Guard

After Hyper-V is enabled in Windows, VMware Workstation stops working and reports "VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard". However, disabling Device/Credential Guard does not solve the problem.

VMware Workstation and Device/Credential Guard are not compatible

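Once Hyper-V is enabled, the original host operating system effectively becomes a virtual machine itself: the host OS runs on top of the hypervisor. Running VMware Workstation at that point may result in nested virtualization (this is a guess), and Hyper-V virtual machines do not have nested virtualization support enabled by default.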

One workable solution is to use bcdedit to set up two boot entries: one with Hyper-V enabled, and another with Hyper-V disabled (HypervisorLaunchType set to OFF) for running VMware Workstation.

Disabling Hyper-V with the bcdedit parameter HypervisorLaunchType

The commands as text:

bcdedit /set {current} description "Windows 10 Hyper-V"
bcdedit /copy {current} /d "Windows 10"
rem The entry was successfully copied to {new_guid}
bcdedit /set {new_guid} HypervisorLaunchType OFF
bcdedit /displayorder {current} {new_guid}
bcdedit /timeout 10

With this setup, the Hyper-V-enabled entry is booted by default, and the boot menu timeout is set to 10 seconds.
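The entry with HypervisorLaunchType OFF boots without the Windows hypervisor, so VBS and Credential Guard are not running in that session. The PowerShell check below is an added example, not part of the original post, for confirming after a reboot which mode the machine is actually in; it assumes an elevated prompt and that bcdedit prints element names in English.

```powershell
# Added example (not from the original post). Run elevated after booting
# into either entry.
$vbsStates = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'HVCI (memory integrity)' }

# 1. What the current boot entry requests. bcdedit omits the element when
#    it has never been set. Assumption: element names are shown in English.
$bcd = bcdedit /enum '{current}'
if ($LASTEXITCODE -ne 0) {
    $launchType = '(bcdedit failed; run elevated)'
} else {
    $hit = $bcd | Select-String -Pattern '^hypervisorlaunchtype\s+(\S+)' |
           Select-Object -First 1
    $launchType = if ($hit) { $hit.Matches[0].Groups[1].Value } else { '(not set)' }
}

# 2. Whether Windows is currently running on top of a hypervisor.
#    This is also True when this Windows is itself a guest in a VM.
$hvPresent = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent

# 3. VBS state and the security services running on top of it.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) {
    $vbs = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
    $running = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } |
        ForEach-Object {
            $id = [int]$_
            if ($services.ContainsKey($id)) { $services[$id] } else { "service id $id" }
        })
} else {
    $vbs = 'Unknown (Win32_DeviceGuard not available)'
    $running = @()
}

[pscustomobject]@{
    HypervisorLaunchType = $launchType
    HypervisorPresent    = $hvPresent
    VbsStatus            = $vbs
    ServicesRunning      = if ($running) { $running -join ', ' } else { 'None' }
}
```

In the Hyper-V-disabled entry the expected result is HypervisorLaunchType Off, HypervisorPresent False and no services running; if Credential Guard is a requirement on the machine, that entry should be treated as a reduced-protection boot.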

Update 2020/05/30

VMware Workstation 15.5 now supports running in Hyper-V mode. It requires Windows 10 20H1 build 19041.264 or later. See VMware Workstation 15.5 Now Supports Host Hyper-V Mode:

How does VMware Workstation work before version 15.5.5?

VMware Workstation traditionally has used a Virtual Machine Monitor (VMM) which operates in privileged mode requiring direct access to the CPU as well as access to the CPU’s built in virtualization support (Intel’s VT-x and AMD’s AMD-V). When a Windows host enables Virtualization Based Security (“VBS”) features, Windows adds a hypervisor layer based on Hyper-V between the hardware and Windows. Any attempt to run VMware’s traditional VMM fails because being inside Hyper-V the VMM no longer has access to the hardware’s virtualization support.

Introducing User Level Monitor

To fix this Hyper-V/Host VBS compatibility issue, VMware’s platform team re-architected VMware’s Hypervisor to use Microsoft’s WHP APIs. This means changing our VMM to run at user level instead of in privileged mode, as well as modifying it to use the WHP APIs to manage the execution of a guest instead of using the underlying hardware directly.

What does this mean to you?

VMware Workstation/Player can now run when Hyper-V is enabled. You no longer have to choose between running VMware Workstation and Windows features like WSL, Device Guard and Credential Guard. When Hyper-V is enabled, ULM mode will automatically be used so you can run VMware Workstation normally. If you don’t use Hyper-V at all, VMware Workstation is smart enough to detect this and the VMM will be used.

System Requirements

To run Workstation/Player using the Windows Hypervisor APIs, the minimum required Windows 10 version is Windows 10 20H1 build 19041.264. VMware Workstation/Player minimum version is 15.5.5.

I don't know whether this newly introduced User Level Monitor has any impact on virtual machine performance.
