W11 Enable vTPM in vSphere 8.0 and Workstation
After some time off, doing things with my own business “t4-itsupprt”, I found a new topic to share regarding Windows 11 and VDI in a nested ESXi environment with VMware Workstation.
As some of you know, I’m using VMware Workstation in combination with a custom desktop tower to run vSphere nested (virtualization on virtualization). At this point I’m creating a new master image with Windows 11.
- A virtual TPM must be enabled on Workstation (for the nested ESXi VM)
- TPM support must be enabled on vCenter (a key provider is needed)
- A new virtual machine with a TPM
How to enable a virtual TPM on Workstation
Let’s see if we can add the Trusted Platform Module. At this moment we can’t add the TPM to the virtual machine: the host machine (desktop) does not have a physical TPM chip, so we need to encrypt the virtual machine first.
To enable the TPM we need to enable encryption of the virtual machine with the following steps:
- Edit the virtual machine
- Go to “Options”
- Select “Access Control”
- Start the encryption
- Encrypt only the files that are needed to support the TPM. This option reduces the amount of storage needed
- Specify a password of your own and store it in a secure location (a password manager, for example)
- After encryption, you can add the Trusted Platform Module
The TPM has now been added to the virtual machine.
Power on the machine.
On vCenter, follow these steps:
- Go to the vCenter
- Select Configure
- Go to Key Providers
- Add the Native Key Provider or your own standard key provider. In this test environment we will use the Native Key Provider
- Give it a name
- IMPORTANT: back up the Native Key Provider and protect the backup with a complex password
- If you skip this step, you cannot add a machine with a TPM in vCenter
Create a new virtual machine based on Windows 11 (64-bit). The TPM will be added to the machine automatically.
After installing Windows, check whether the vTPM works in the guest OS.
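One way to do that last check from inside the guest, as an added example that is not part of the original post: the script below runs in an elevated PowerShell session in the Windows 11 VM and confirms that Windows sees a present, ready TPM 2.0 device and that Secure Boot is on, using only the built-in Get-Tpm, Win32_Tpm and Confirm-SecureBootUEFI cmdlets (the function name Test-GuestVTpm is my own).

```powershell
# Added example, not from the original post. Run as Administrator inside the
# Windows 11 guest after the vTPM has been attached to the virtual machine.
function Test-GuestVTpm {
    [CmdletBinding()]
    param()

    $result = [ordered]@{}

    # Get-Tpm (TrustedPlatformModule module) reports the TPM Windows detected.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $result.TpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    $result.TpmReady   = [bool]($tpm -and $tpm.TpmReady)

    # Win32_Tpm exposes the spec version; Windows 11 requires TPM 2.0.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $result.SpecVersion = if ($wmi) { $wmi.SpecVersion } else { $null }
    $result.Tpm20       = [bool]($wmi -and $wmi.SpecVersion -like '2.0*')

    # A vTPM needs UEFI firmware; Secure Boot is expected on a Windows 11 image.
    # Confirm-SecureBootUEFI throws on BIOS firmware, which counts as a failure.
    try   { $result.SecureBoot = [bool](Confirm-SecureBootUEFI) }
    catch { $result.SecureBoot = $false }

    # Overall verdict: the vTPM is usable when it is present, ready and 2.0.
    $result.Passed = $result.TpmPresent -and $result.TpmReady -and $result.Tpm20
    [pscustomobject]$result
}

Test-GuestVTpm | Format-List
```

If Passed is False while the device shows up in the VM settings, the usual causes are a VM that is not UEFI or a key provider on vCenter that was never backed up and therefore never became active.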