Vmware workstation and device credential guard are not compatible windows 10

Месяц не пользовался VMware на своём компьютере. За это время моя Windows 10 обновлялась и судя по всему с одним из обновлений прилетела какая-то фигня, которая внесла определённые настройки в систему и VMware перестала запускать гостевые машины выдавая ошибку «VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard»

Очередной привет от Microsoft.

На официальном сайте VMware есть решение этой проблемы. но оно на английском языке и немного запутанное, поэтому потренировавшись на своём компьютере и получив положительный результат (всё заработало) решил записать решение в свой блог, так как в будущем оно мне может снова пригодиться, ведь VMware я использую постоянно для различных целей.

Уверен, что данную статью читают грамотные ребята. Однако напомню, что, следуя советам, полученным из статьи, надо помнить, что выполнение описанных в статье операций может привести к неожиданным для вас последствиям. В связи с этим настоятельно рекомендую предварительно создать точку восстановления системы.

Перейти в «Панель управления => Программы и компоненты => Включение или отключение компонентов Windows» и отключаем Hyper-V и нажимаем «ОК»:

Компьютер предложит перезагрузиться => перезагружаемся.

Также можно запустить командную строку от имени администратора:

В командной строке выполнить команду.

bcdedit /set hypervisorlaunchtype off

Нажимаем «Ввод/Enter». Перезагружаем компьютер. Если проблема не исправлена, то дополнительно открыть командную строку «WIN + R» и ввести команду «gpedit.msc», нажать «ОК». В открывшемся окне перейти в раздел «Политика Локальный компьютер => Конфигурация компьютера => Административные шаблоны => Система => Device Guard».

Здесь дважды кликаем по пункту «Включить средство обеспечения безопасности на основе виртуализации»:

В открывшемся окне выбираем пункт «Отключено» и нажимаем «ОК»:

Теперь запускаем гостевую операционную систему в VMware и наслаждаемся работой.

Читатель «Дмитрий» от 04.01.2018

Достаточно отключить на время работы VMWare Hyper-V в компонентах.

Читатель «Аноним» от 06.12.2018
Кому не помог этот способ — отключите изоляцию ядра в центре безопасности защитника windows

Читатель «ZZ» от 24.04.2019
Достаточно было выполнить следующую команду: bcdedit /set hypervisorlaunchtype off

Читатель «Аноним» от 09.01.2020
Для перехода назад на Hyper-V, к примеру для Docker, необходимо выполнить следующую команду: bcdedit /set hypervisorlaunchtype auto

Download Windows Speedup Tool to fix errors and make PC run faster

If when you try to power on the VM (Virtual Machine) inside VMware Workstation Player on Windows 11/10, you receive the error message VMware Workstation and Device/Credential Guard not compatible, then this post is intended to help you. In this post, we will present the solution you can try to help you resolve this issue.

VMware Workstation and Device/Credential Guard not compatible

When you encounter this error, the following full error message is displayed;

VMware Player and Device/Credential Guard are not compatible. VMware Player can be run after disabling Device/Credential Guard. Please visit http://www.vmware.com/go/turnoff CG DG for more details.

In Windows 11/10, Device Guard and Credential Guard are the new security features that are only available on Windows 11/10 Enterprise today. Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. If it is not a trusted application, it cannot run. Credential Guard uses virtualization-based security to isolate secrets (credentials) so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.

The Pro version of Windows 11/10 ships with Hyper-V, the in-house virtual machine solution from Microsoft built-into Windows. However, if you enable Hyper-V, it also enables the Credential Guard. Disabling the Hyper-V also disable the Credential Guard.

Based on the error message, you can see it indicates VMware Player can be run after disabling Device/Credential Guard. So, if you’re faced with this VMware Workstation and Device/Credential Guard not compatible issue on Windows 11/10, you can try the 2-step solution below to resolve the issue.

  1. Disable Hyper-V (if enabled)
  2. Disable the Device Guard Policy via Registry Editor

Let’s take a look at the description of each step.

1] Disable Hyper-V (if enabled)

To disable Hyper-V, do the following:

  • Press Windows key + R to invoke the Run dialog.
  • In the Run dialog box, type appwiz.cpl and hit Enter to open Programs and Features applet.
  • In Programs and Features, on the left-hand side, click Turn Windows features on or off.
  • In the Turn Windows features on or off popup that appears, uncheck Hyper-V.
  • Click OK.

Hyper-V will now be disabled from your computer.

  • Restart the computer and on boot, proceed with Step 2.

2] Disable the Device Guard Policy via Registry Editor

Since this is a registry operation, it is recommended that you back up the registry or create a system restore point in case the procedure goes wrong. Once you have taken the necessary precautionary measures, you can proceed as follows to resolve the VMware Workstation and Device/Credential Guard not compatible issue.

  • Press Windows key + R to invoke the Run dialog.
  • In the Run dialog box, type regedit and hit Enter to open Registry Editor.
  • Navigate or jump to the registry key path below:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
  • On the right pane, double-click the EnableVirtualizationBasedSecurity key to edit its properties.

If you don’t see the key, create it by right-clicking on a blank space on the right pane and then select New > DWORD (32-bit) Value. Rename the value name as EnableVirtualizationBasedSecurity and hit Enter.

  • Input 0 in the Value data field and hit Enter.
  • Next, navigate or jump to the registry key path below:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  • On the right pane, double-click the LsaCfgFlags key to edit its properties.
  • Input 0 in the Value data field and hit Enter.

You can now exit Registry Editor and restart your system.

You can be able to disable Device Guard policy using the Local Group Policy Editor, as well.

Once you have completed the procedure and restarted your computer, the VM should be running fine.

Read next: VMware Workstation and Hyper-V are not compatible.

Obinna has completed B.Tech in Information & Communication Technology. He has worked as a System Support Engineer, primarily on User Endpoint Administration, as well as a Technical Analyst, primarily on Server/System Administration. He also has experience as a Network and Communications Officer. He has been a Windows Insider MVP (2020) and currently owns and runs a Computer Clinic.

  • VMware Workstation and Device/Credential Guard are not compatible

В статье мы расскажем, почему не запускается виртуальная машина VMware WorkStation после обновления Windows, и дадим инструкцию по исправлению этой проблемы.

VMware Workstation and Device/Credential Guard are not compatible

Эта ошибка может возникнуть при запуске виртуальной машины VMware Workstation версии 12.5 и выше в Windows 10 версии 1909 и ниже. Причина ошибки в том, что Hyper-V несовместим с Workstation Pro и Workstation Player. Есть 2 способа решения этой проблемы:

  • обновление Workstation до версии 15.5.6 или выше,
  • отключение Hyper-V в Windows. 

Мы советуем обновить Workstation, так как этот способ проще.

Как обновить Workstation Player и Workstation Pro

  1. Запустите VMware Workstation.
  2. Интерфейс версий Player и Pro отличается, поэтому:
    — для обновления Pro-версии откройте меню Help и нажмите Software Updates:

    Обновление VMware Workstation Pro

    — для обновления версии Player нажмите Player. Затем в выпадающем меню наведите курсор мыши на Help и нажмите Software Updates:

    Обновление VMware Workstation Player

  3. Обновите программу.

Готово, вы обновили Workstation. Чтобы проверить, возникает ли в VMware workstation ошибка, запустите виртуальную машину.

Как отключить Hyper-V в Windows

  1. Нажмите Win + R, введите gpedit.msc и нажмите OK:
    Запуск gpedit.msc

  2. В левом меню перейдите в Административные шаблоныСистемаDevice Guard:
    Редактор локальной групповой политики в Windows

  3. Дважды кликните на «Включить средство обеспечения безопасности на основе виртуализации»:
    Параметры средства обеспечения безопасности на основе виртуализации

  4. Выберите «Отключено» и нажмите OK:
    Отключение средства безопасности на основе виртуализации

  5. При помощи встроенного в операционную систему поиска найдите и запустите утилиту «Включение или отключение компонентов Windows».
  6. В списке уберите галочку напротив компонента Hyper-V и нажмите OK:
    Отключение компонента Hyper-V

  7. При помощи встроенного в операционную систему поиска найдите командную строку и запустите её от имени администратора:
    Запуск командной строки от имени администратора

  8. Выполните следующие команды по очереди:
    bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
    bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
    bcdedit /set hypervisorlaunchtype off
  9. Перезагрузите компьютер и проверьте, возникает ли в VMware ошибка при запуске виртуальной машины.

Готово, вы решили проблему “VMware Workstation and Device”.

Some VMware Workstation and Vmware Player users are seeing the “VMware and DeviceCredential Guard are not Compatible” error when attempting to launch the application or when attempting to start a virtual machine. Most affected users have confirmed that the problem only started occurring after installing a pending Windows update.

VMware Player and DeviceCredential Guard are Not Compatible

When troubleshooting this particular issue, you should start this troubleshooting guide by disabling Hyper-V conventionally. You can do this either by disabling it via CMD or by relying on the GUI interface.

Another potential problem that might end up causing this issue is a local group policy called Virtualization Based Security that ends up blocking certain virtualization technologies. In this case, you can either use the Local Group Policy Editor to disable this policy or you can rely on Registry Editor to enforce this change.

However, if you’re encountering this issue on Windows 10, it’s likely that the problem is caused by inconsistency with the Boot Configuration Data. If this scenario is applicable, you can fix this problem by modifying the BCD file to eliminate any reference of Hyper-V.

In the event that you’re using Windows Defender, keep in mind that this WMware error can also occur due to a security feature called Core isolation. In this case, you can fix the issue by disabling Core Isolation from the Settings app or you can do it using Registry Editor.

Method 1: Disabling Hyper-V

According to various user reports, one of the most common causes that will trigger the “VMware and DeviceCredential Guard are not Compatible” error is a conflict between Hyper-V (Microsoft’s proprietary virtualization technology) and VMware. Keep in mind that both VMware and VirtualBox will pick their own virtualization technologies by default.

However, there is one Windows Update (KB4515871) that is known to force certain 3rd party applications to use Hyper-V – in VMware, this will end up producing the “VMware and DeviceCredential Guard are not Compatible” error.

If this scenario is applicable and you recently installed a Windows update that you think might be responsible for the newly appeared error, follow one of the guides below to disable Hyper-V in order to clear the way for VMware to use its own virtualization technology.

A. Disabling Hyper-V via CMD

  1. Open up a Run dialog box by pressing Windows key + R. Next, type ‘cmd’ inside the text box and press Ctrl + Shift + Enter to open up an elevated Command Prompt.
    Running the Command Prompt

    Note: Once you see the UAC (User Account Control), click Yes to grant admin access.

  2. Once you’re inside the elevated CMD prompt, type the following command and press Enter to disable the Hyper-V function on a system level:
    dism.exe /Online /Disable-Feature:Microsoft-Hyper-V
  3. After the command is successfully processed, close the elevated Command Prompt window and reboot your computer.
  4. Once the next startup is complete, open VMware and repeat the action that was previously causing the error.

B. Disabling Hyper-V via Powershell

There is also another way to enable or disable Hyper-V in Windows 10. To do it, please run PowerShell as administrator and then type the following commands:

bcdedit /set hypervisorlaunchtype off (disable Hyper-V)

bcdedit /set hypervisorlaunchtype on (enable Hyper-V)

C. Disabling Hyper-V via GUI

  1. Press Windows key + R to open up a Run dialog box. Inside the text box, type ‘appwiz.cpl’ and press Enter to open up the Programs and Features menu.
    Type appwiz.cpl and Press Enter to Open Installed Programs List
  2. Once you’re inside the Programs and Files menu, use the menu on the left-hand side to click on Turn Windows features on or off.
    Accessing the Windows features menu
  3. When prompted by the UAC (User Account Control), click Yes to grant administrative privileges.
  4. From the insides of the Windows Features menu, expand the drop-down menu associated with the Hyper-V folder. Next, uncheck the box associated with Hyper-V Management tools and Hyper-V platform before clicking Ok to save the changes.

    Disabling Hyper-V via the Windows Features screen
  5. Once you manage to disable Hyper-V from the GUI menu, restart your computer and see if the issue is resolved at the next computer startup.

If you still end up seeing the “VMware and DeviceCredential Guard are not Compatible” error when launching WMware Player / WMware Workshatiaon or when trying to mount a virtual machine, move down to the next potential fix below.

Method 2: Disabling Virtualization Based Security

If you followed the instructions above and you already confirmed that you’re not actually dealing with a conflict between Hyper-V and Vmware, it’s possible that you’re seeing the “VMware and DeviceCredential Guard are not Compatible” error due to the fact that your machine is enforced with Virtualization Based Security -This is required with certain virtual machine types.

This Virtualization Based Security is enforced through a policy via the Local Group Policy Editor. But keep in mind that by default, this utility is only available for Windows 10 PRO and older PRO equivalents.

Note: If you have a Home version, you can manually install the gpedit utility on Windows 10 home.

If the Local Group Policy Editor (gpedit) is available on your Windows version and you want to deploy this potential fix, follow the instructions below (sub guide A) to disable Virtualization Based security on via it’s dedicated policy.

In case you’re using a Home version and you don’t want to side-load the Local Group Policy Editor, follow the second guide (sub guide B) to disable Virtualization Based Security via Registry Editor.

A. Disable Virtualization Based Security via Gpedit

  1. Press Windows key + R to open up a Run dialog box. Next, type ‘gpedit.msc’ inside the text box and press Enter to open up the Local Group Policy Editor.
    Running the Local Group Policy Editor

    Note: When you are prompted by the UAC (User Account Control) window, click on Yes to grant admin access.

  2. Once you’re inside the Local Group Policy Editor, navigate to the following location using the menu on the left-hand side:
    Computer Configuration - Administrative Templates - System - Device Guard
  3. After you get to this location, move over to the right-hand side menu and double-click on Turn on Virtualization Based Security.

    Turning On Virtualization Based Security
  4. Once you’re inside the settings menu of the Turn On Virtualization Based Security policy, set it’s a toggle to Disabled and click Ok to save the changes.
  5. Once this security has been enabled, restart your computer and see if the issue is resolved at the next computer startup.

B. Disable Virtualization Based Security via Registry Editor

  1. Press Windows key + R to open up a Run dialog box. Inside the text box type ‘regedit’ and press Enter to open up the Registry Editor. When prompted by the UAC (User Account Control), click Yes to grant admin access.
    Running the Registry Editor
  2. Once you’re inside the Registry Editor, use the left-hand menu to navigate to the following location:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard

    Note: You can either navigate here manually or you can paste the location directly into the navigation bar and press Enter to get there instantly.

  3. After you arrive at the correct location, move to the right-hand section, right-click on an empty space, and chose New > DWORD (32-bit) value from the newly appeared context menu.

    Creating a new DWORD (32) bit value
  4. Name the newly created DWORD to EnableVirtualizationBasedSecurity, then double-click on it and set the Base to Hexadecimal and the value to 0 in order to disable Virtualization Based Security.

    Configuring the EnableVirtualizationBasedSecurity value
  5. Hit Ok to save the changes, then close the Registry Editor and restart your computer to see if the problem is now fixed.

In case you’re still encountering the same problem even after you’ve enabled virtualization-based security, move down to the next potential fix below.

Method 3: Modifying the BCD File

As it turns out, this particular issue can also be caused by inconsistency with the BCD (Boot Configuration Data) that ends up interfering with the 3rd party virtualization technology. Several affected users that were having the same problem have reported that the issue was suddenly resolved after they ran a couple of commands in an elevated command prompt.

These commands will ensure that the remnant of Hyper-V is not conflicting with the virtualization technology that VMware uses. Here’s what you need to do:

  1. Press Windows key + R to open up a Run dialog box. Next, type ‘cmd’ inside the text box and press Ctrl + Shift + Enter to open up an elevated Command Prompt.
    Running the Command Prompt

    Note: When you are prompted by the UAC (User Account Control), click Yes to grant administrative privileges.

  2. Once you’re inside the elevated Command Prompt window, type the following command in this exact order, and press Enter after each command to delete Hyper-V references from your BCD data:
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
    bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
    bcdedit /set hypervisorlaunchtype off
  3. Once every command has been processed successfully, restart your computer and see if the problem is now fixed.

In case you’re still seeing the same “VMware and DeviceCredential Guard are not Compatible” error, move down to the final fix below.

Method 4: Disabling Core Isolation

If none of the fixes above have worked for you, there is one final potential culprit that we haven’t taken care of until now. If you’re using Windows Defender, it’s possible that a security feature called Core Isolation is actually triggering the “VMware and DeviceCredential Guard are not Compatible” error.

Core isolation is essentially an extra layer of security that Windows Defender deploys in order to protect against sophisticated malware attacks that operate at a Kernel level.

Several affected users that followed through with the disablement of this security feature have confirmed that the problem went away entirely. But there is a disadvantage – you will be leaving your system exposed to some security exploits.

If you want to give this method a try, follow the first guide below (sub guide A) to disable Core isolation from the settings menu of Windows Security. If the Core isolation entry is greyed out, you can also do this via Registry Editor (sub guide B).

A. Disabling Core Isolation via GUI

  1. Open up a Run dialog box by pressing Windows key + R. Next, type ‘ms-settings:windowsdefender’ inside the text box and press Enter to open up the Windows Security tab (from Windows Defender) of the Settings app.
    Run dialog: ms-settings:windowsdefender

    Run dialog: ms-settings:windowsdefender
  2. Once you finally arrive inside the Windows Security menu, move over to the right-hand section and click on Device Security (under Protection areas).
  3. Next, scroll down through the list of available options and click on Core isolation details (under Core isolation).
  4. Once you’re finally inside the Core isolation menu, disable the toggle associated with Memory integrity (set to Off).
  5. After this modification is established, reboot your computer and see if the problem is fixed at the next computer startup by launching a virtual VMware machine once again.

Disabling Core Isolation via Settings menu

B. Disabling Core Isolation via Registry Editor

  1. Press Windows key + R to open up a Run dialog box. Next, type ‘regedit‘ inside the dialog box and press Enter to open up the Registry Editor. When you’re prompted by the UAC (User Account Control), click Yes to grant admin access.
    Running the Registry Editor
  2. Once you manage to get inside the Registry Editor, use the left-hand menu to navigate to the following location:
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard

    Note: If you want to save yourself some time, you can paste the entire location directly into the navigation bar and press Enter to get there instantly.

  3. When you arrive at the correct location, turn your attention to the right-hand menu and double-click on the Enabled key.

    Accessing the Enabled key
  4. Inside the Enabled value window, set the base to Hexadecimal and set the Value data to 0. Next, click Ok to save the changes.
    Setting the value data of Enabled to 0
  5. Once this modification is enforced, restart your computer and see if the problem is fixed at the next system startup.

” VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard. ” error might be familiar with the VMware workstation users.

I ran in to this problem while I was starting to use my VMware workstation 14 pro on Windows 10 and it was throwing this error when I’m booting up the Virtual Machine. Actually, it was giving the direct VMware Knowledge base article to follow the steps to resolve it. But I thought to write this up to help all those who look for a step guide to fix the error.

This was the appeared error message in my Virtual Machine.

VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard. Please Visit http://www.vmware.com/go/turnoff CG DG for more details.

I had to disable the Device/Credential Guard in my local group policy and I opened a “run” prompt by pressing Win Key + R and typed ” gpedit.msc ” to open the local group policy editor.

VMware Workstation and Device/Credential Guard are not compatible. : gpedit.msc

Once it opened up the Local group policy editor, navigate to ” Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard ” and open the ” Turn on Virtualization Based Security ” setting by double click on it.

VMware Workstation and Device/Credential Guard are not compatible. : Setting

Set the setting to ” Disabled

VMware Workstation and Device/Credential Guard are not compatible. : disabled

Opened a Command Prompt elevating the “Administrative Privileges” and run the below piece of command

mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d

This X: should be an unused drive and if it is in use make sure to use another drive letter which is not in use.

VMware Workstation and Device/Credential Guard are not compatible. : CMD

Hyper-V role was not installed on my system, if it is installed make sure to disable it before you restart.

VMware Workstation and Device/Credential Guard are not compatible. : Hyper-V

Rebooted the Computer and at the login screen it prompted to accept the change and pressed F3 and Operating system loaded without issues, after that my Virtual Machine started correctly.

If you found this post as useful please rate the post and share it!

Понравилась статья? Поделить с друзьями:
0 0 голоса
Рейтинг статьи
Подписаться
Уведомить о
guest

0 комментариев
Старые
Новые Популярные
Межтекстовые Отзывы
Посмотреть все комментарии
  • Amd ryzen 5 5500u windows 11
  • Gpt не загружается windows 10
  • Почему нет wifi на ноутбуке windows 10
  • Как правильно завершить работу в операционной системе windows ответ тест
  • Питон приложение на windows