When powering up a virtual machine in VMWare Workstation virtualization products, i.e. VMWare Workstation Pro or VMWare Workstation Player, in a Windows 10 host, the startup may fails with BSOD or the following error may be prompted, and the VM cannot be started:
VMWare Workstation and Device/Credential Guard are not compatible. VMWare Workstation can be run after disabling Device/Credential Guard. Please visit http://www.vmware.com/go/turnoff_CG_DG for more details.
The problem happens even though you have no idea what’s Device Guard and Credential Guard about, and certainly not enable them. And to make the matter worse, the issue could be caused not by just Device Guard and Credential Guard, even though the error message makes no mention of others.
Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them, and is mostly implemented in enterprise environment. Windows Defender Device Guard is split into two features known as Windows Defender Exploit Guard and Windows Defender Application Control. These features are a combination of enterprise-related hardware, firmware and software security features that, when configured together, will lock down a device so that it can only run trusted applications and hence reduce the exposed attack surface to malware.
Anyway, the main culprit that causes the issue is incompatibility between VMWare Workstation and Hyper-V or Windows Hypervisor Platform. Essentially, on VMWare Workstation 15.5 or earlier versions, you cannot run a virtual machine virtualized by VMWare Workstation when a feature that uses Hyper-V is installed or enabled.
And with the increasingly dominant and popularity of virtualization based security, many Windows 10 features, especially security features, requires Windows Hypervisor, which is built-into every Windows 10 machines.
If you’re encountering the VMWare VM not powering up due to conflict with Windows Hypervisor, basically you have a few options to resolve the issue.
1. Upgrade to VMWare Workstation 16 20H1 Technical Preview or later
VMWare Workstation 20H1 Technical Preview, and VMWare Workstation 16 when it’s released as stable version, have native support so that VMWare can co-exist with Hyper-V together on Windows 10 systems by utilizing Windows Hypervisor Platform API.
2. Disable Hyper-V, Windows Hypervisor and other related features
If you must use VMWare, disable all of the following features of Windows 10 that uses Windows Hypervisor even though they’re not specifically mentioned so, in Control Panel -> Program & Features -> Turn Windows features on or off:
- Guarded Host
- Microsoft Defender Application Guard (aka Isolated User Mode)
- Windows Hypervisor Platform
- Windows Sandbox
- Windows Subsystem for Linux
In addition, you need to disable to Windows Defender Credential Guard, if enabled. To disable, open Local Group Policy Editor (GPedit.msc), and navigate to Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization Based Security). Set the policy to Disabled or Not Configured.
You can also download the Device Guard and Credential Guard hardware readiness tool, extract the content and then open a PowerShell window as Administrator to run the following command to disable DG and CG:
3. Temporarily Disable Windows Hypervisor
Open a Command Prompt as Administrator, and run the following command to disable Windows Hypervisor on next boot up:
bcdedit /set hypervisorlaunchtype off
Restart the PC when done. To restore Windows Hypervisor support, run the following command and reboot:
bcdedit /set hypervisorlaunchtype auto
4. Migrate the VMs (virtual machines) to Hyper-V
If you must use Hyper-V, one of the option is to migrate all your virtual machines in VMWare Workstation to Hyper-V, and then power up the VMs in Hyper-V. Though the migration by no means trouble free and easy, or even the migrated VMs are not guaranteed to workable.