none
Enable vTPM on Hyper-V Server 2016

    Question

  • Hi,

    I am trying to run VM with vTPM on free Hyper-V Server 2016 (most recent version), but I can't get it to work. It allways tell's me, that VM cannot start, because isolated user mode is off. I've tried almost everything I can think (and google :) ) for.

    I've tried https://social.technet.microsoft.com/wiki/contents/articles/34431.windows-10-enabling-vtpm-virtual-tpm.aspx or https://charbelnemnom.com/2016/06/whats-new-in-powershell-for-hyper-v-in-windows-server-2016-technical-preview-5-hyperv-powershell-ws2016/, turning on Device Guard in GPO

    My goal is simple - to have the option to run VMs with TPM. I don't have guarded fabric and I don't want to build one. 

    Any idea how to enable isolated user mode on Hyper-V Server 2016 (the free standalone hypervisor, not Standard or Datacenter)?

    George

    Tuesday, February 14, 2017 6:58 PM

All replies

  • Hi George,

    I have seen posts of similar requirement. But I'm afraid the configuration failed and it seems there are no solutions currently.

    I would share the information if I found any solutions or official documents.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 15, 2017 2:07 AM
    Moderator
  • Hi Leo,

    Thank you for your answer. I have the same experience, but all posts I've found were three or more months old. So I've thought that there could be some sort of workaround now.

    Strange thing is, that on my admin machine (Win 10 Enterprise 1607) vTPM works fine without any aditional configuration. I've just checked Enable Trusted Platform Module in VM config and voiala. One important difference could be in fact, that my admin machine have physical TPM and the machine with Hyper-V server don't.

    I haven't tried the same thing on the full Windows Server yet. One possible cause could be the free Hyper-V. I don't know if it supports to be a part of full guarded fabric, but if not, there is a big chance, that some of the core features are missing in the Hyper-V server and therefore vTPM fails.

    George

    Wednesday, February 15, 2017 10:49 AM
  • Hi George,

    >> One possible cause could be the free Hyper-V. I don't know if it supports to be a part of full guarded fabric

    Probably. All the related guides I could find are talking about Server 2016, not Hyper-V 2016.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 16, 2017 5:41 AM
    Moderator