” VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard. ” error might be familiar with the VMware workstation users.
I ran in to this problem while I was starting to use my VMware workstation 14 pro on Windows 10 and it was throwing this error when I’m booting up the Virtual Machine. Actually, it was giving the direct VMware Knowledge base article to follow the steps to resolve it. But I thought to write this up to help all those who look for a step guide to fix the error.
This was the appeared error message in my Virtual Machine.
VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard. Please Visit http://www.vmware.com/go/turnoff CG DG for more details.
I had to disable the Device/Credential Guard in my local group policy and I opened a “run” prompt by pressing Win Key + R and typed ” gpedit.msc ” to open the local group policy editor.
Once it opened up the Local group policy editor, navigate to ” Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard ” and open the ” Turn on Virtualization Based Security ” setting by double click on it.
Set the setting to ” Disabled ”
Opened a Command Prompt elevating the “Administrative Privileges” and run the below piece of command
mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d
Hyper-V role was not installed on my system, if it is installed make sure to disable it before you restart.
Rebooted the Computer and at the login screen it prompted to accept the change and pressed F3 and Operating system loaded without issues, after that my Virtual Machine started correctly.
Reference:
If you found this post as useful please rate the post and share it!
Gabor Marko
August 1, 2018I followed the same on a Windows 10 laptop and disabling Hyper-V triggered the drive encryption solution (Dell Data Protection) to make the data inaccessible as it noticed a config change. See KB https://www.dell.com/support/article/us/en/04/sln292914/
Reza Maleki
September 6, 2018tank you very much for shared information . tank for very good step by step description.:)
Utnapistim Yilmaz
October 4, 2018Hi, NOT your fold, VMWARE disabled the link to “VMware KB (2146361)” – the page stays blank. Same of course for all other tips that use that link
Sumit
October 9, 2018This error message prompted VMware workstation and device are not compatible.VMware workstation can be run after disabling device guard
I follow all your steps
Pls resolved my issue I have more problem to use
Please help me
Aruna Lakmal
October 10, 2018Sumit, did you reboot the PC after following these steps? What are the other issues? Please feel free to let me know, I might be able to assist you.
Gollapalli Venkateswar reddy
November 24, 2018whenever i tried to open the vmware i got like this
VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard.
after i had disabled then executes command
access dened below this msg happened
\Users\MyPc> mountvol X: /s
The parameter is incorrect.
C:\Users\MyPc>
C:\Users\MyPc> copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
The system cannot find the drive specified.
C:\Users\MyPc>
C:\Users\MyPc> bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d “DebugTool” /application osloader
The boot configuration data store could not be opened.
Access is denied.
C:\Users\MyPc>
C:\Users\MyPc> bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path “\EFI\Microsoft\Boot\SecConfig.efi”
The boot configuration data store could not be opened.
Access is denied.
C:\Users\MyPc>
C:\Users\MyPc> bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
The boot configuration data store could not be opened.
Access is denied.
C:\Users\MyPc>
C:\Users\MyPc> bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
The boot configuration data store could not be opened.
Access is denied.
C:\Users\MyPc>
C:\Users\MyPc> bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
The boot configuration data store could not be opened.
Access is denied.
C:\Users\MyPc>
C:\Users\MyPc> mountvol X: /d
Access is denied.
C:\Users\MyPc>
Aruna Lakmal
November 24, 2018Run your Script with “Run as Administrator” prompt. Just try and share the status.. I hope this will fix your issue. 🙂
Damon Dawson
June 15, 2019My guess is you have an AMD processor (like me). See my comments below on how to fix this. Note: After running the command, VMware Workstation now works, however, this breaks the new Sandbox feature in Windows 10.
Aruna Lakmal
June 18, 2019Thanks for the collaborative feedback! Damon.
Nicholas Kurian
October 11, 2018I’ve tried all the steps mentioned in this site but am still facing the same issue. I’ve gone through a lot of links for the past 2 days and would really appreciate if you could help me out. ANY ideas/suggestions would be highly appreciated.
Aruna Lakmal
October 13, 2018Nicholas, It’s sad to hear that it didn’t fix the issue. Can you share more information about the error so we can look in to that. Are you getting the same error? Have you rebooted the PC after executing the command?
Nicholas Kurian
October 13, 2018I was able to solve it. Thanks for the reply.
Aruna Lakmal
October 13, 2018Glad to hear that it was resolved!
Dave
October 18, 2018This worked for me! I had a BIOS update (Gigabyte) and a major Windows 10 update (1803) between starts of VMWare so I don’t know if BIOS or Windows was the cause, but I started a previously-working VMWare Workstation Pro one morning and saw the error popup.
I did not have to do the mount fake volume and do BCD Edits… I just changed Group Policy and disabled Hyper-V feature.
Thanks very much Aruna!
Aruna Lakmal
November 1, 2018Glad to hear that Dave! Thank You for your comment! 🙂
Ciljo Joseph
October 29, 2018Thank you! It worked for me
Jeet
October 30, 2018Hello Sir,,, I’ve followed steps given by you but still facing same issue.. I’ve tried everthing so sir please Help me …
Aruna Lakmal
November 1, 2018Jeet, I hope we discussed this over the messenger and what was the update? were able to get the prompt after the reboot as I explained?
Jim
October 31, 2018Hello all,
when i run the commands appears the below msg
The boot configuration data store could not be opened.
Access is denied.
Why?
Aruna Lakmal
November 1, 2018Hi Jim
Thank you for raising your concern. Honestly, not sure it is something related to this. I just searched and found this Microsoft thread and it was answered could you give it a go and see whether you can resolve the problem. Please share your thoughts after this.
Here is the Community article: https://answers.microsoft.com/en-us/windows/forum/all/error-the-boot-configuration-data-store-could-not/9e995bc8-141c-4ed0-9b17-2dbe92369202
JD reibexo
November 1, 2018On Windows 2016 Datacenter [Version 10.0.14393] not working your mountvol syntax:
mountvol x: /s
The parameter is incorrect. I don’t have any unused drives to test.
Aruna Lakmal
November 1, 2018Not sure, Server version is compatible with this and this is the workaround for the Windows 7 and it worked in many scenarios. It’s better to check with the OS flavor to confirm the availability.
I hope you are referring to Windows Server 2016 (Windows 10 Pro also have the same version), Interesting question is why you need Workstation on a Windows Server, can’t you work with hyper-V instead of that? Is there any specific reason to use Workstation over Hyper-V?
Nicaise Vincent
November 6, 2018Bonjour,
Un tout grand merci.
Ça fonctionne à nouveau.
j’ai ramé pendant 4 heures.
avec votre solution 10 minutes.
Parfait
Aruna Lakmal
November 6, 2018Heureux d’entendre que cela a été résolu avec mon aide!
dire
December 7, 2018Hi
Followed your instructions and the VMWare works fine but some other issues appeared.
Can you please tell me how to revert the changes?
I will appreciate your quick response!
Aruna Lakmal
December 7, 2018Try to revert the Group Policy Change you made. If you don’t mind I’d like to know what are the other issues appeared after this?
dire
December 7, 2018Thank you so much for your quick resposne!
My apps don’t seem to find my user settings, I need to sign in every time I restart the pc.
Reverting the group policy didn’t revert it.
I will be happy to consult you personally if possible and I could tell you more about the problem occurred.
Aruna Lakmal
December 7, 2018Sure! Why not.. Drop me an email we will see what we can do to fix your problem. Please share some more information about your app and the background of the usage. Thank You for reaching out to me.
dire
December 7, 2018Great!
I can’t find your email address.
Aruna Lakmal
December 7, 2018Check your mail box 🙂
Beb
December 29, 2018Hey I copied and pasted the script for elevating administrative privilege, and I did not change the letter X to C…my computer just stopped working and when I restarted it the screen did not turn on… any way to reverse the steps?
Aruna Lakmal
December 30, 2018Oops! Really sorry to hear that It caused the problem. Only think that comes to my mind is repair your computer with “Last known Good Configuration (advanced) option. Try that out and see…
Kevin
January 17, 2019When I run all of these steps it does fix my issue. However, everything seems to revert back with my next reboot. “Turn on virtualization based security” returns to not configured instead of disabled and then I have to run the commands again. Is my enterprise group policy overwriting this? If so, do you know what needs to change to stop this from reverting back?
Aruna Lakmal
January 18, 2019Hi Kevin, Thank you for the comment! Honestly, I experience the same situation and it can only be resolved with the group policy which needs to work with AD team. Until that we have to keep running the script over and over again. If I got something other than, definitely I’ll let you know!
swapnil
February 8, 2019Hi, I followed all the steps, rebooted and still throwing same error. If I do msinfo32 it still shows ‘virtualization based security sevices configured’ option set to credential guard, hypervisor enforced code integrity
swapnil
February 8, 2019Didnt work for me, the registry key is changing back to 1 after some time and I still get the same error
Aruna Lakmal
February 10, 2019Hi Swapnil
If your Organization Group Policy is enforcing the change again back to the previous setting you might be seeing the issue again. All you have to do is just run the script again, reboot and disable the device security with F3. Unfortunately, You have to do it whenever it change the setting.
Also, please note that this is a workaround for the issue and if I found a permanent fix for this, I will update it in my blog!
Thank you for sharing your experience here in my blog!
Finbarr Saunders
May 7, 2019Thanks this was the only one of many articles on the subject that actually worked! Very well written and clear.
Aruna Lakmal
May 9, 2019Hi Finbarr
I really appreciate your kind words. Glad to hear that I was able to help you. 😊
Rohit Sharma
May 22, 2019I have same issue and above solutions are not working for me
Aruna Lakmal
May 24, 2019Really? Did you reboot and Press the “F3” at the start up?
sanba06c
May 22, 2019It worked like a charm! First, I followed the instructions from VMWare but it failed. Then, your useful article resolved the issue.
Aruna Lakmal
May 24, 2019Great! Glad to hear that!
Thank you very much for the comment!
David Weidner
May 22, 2019This is the only article, out of many I read, that solved this problem for me. One detail the author pointed out was the command line code that references drive X:. My system had an X: drive mapped, so his note prompted me to checnge the drive letter, and everything worked. Thanks!
Aruna Lakmal
May 24, 2019Wow Nice feedback David!
Glad to hear that my post helped you.
Will
June 4, 2019My Group Policy Editor doesn’t have the Device Guard folder
Aruna Lakmal
June 5, 2019Really, that’s strange! What is the operating system version you are using?
Will
June 5, 2019Windows 10 1809.
I just swapped to VMware Player 15 recently, it worked fine with all of the versions of 14 on my computer.
All of the tips on the Microsoft article that VMware linked didn’t help me at all.
Aruna Lakmal
June 6, 2019Hi Will
Sorry to hear that and I have no clue at this point about the situation and why you can’t see the Group Policy Editor. I’ll search bit about this and I will personally let you know. I’m sure that it is not something to do with VMware Player.
Probably you already have gone through this Microsoft Article, but I’d like to confirm with you have you followed this article I found in the Microsoft.
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage
Will
June 11, 2019I’ve already gone through it, and still didn’t work.
Aruna Lakmal
June 14, 2019Did you reboot and press the “F3” to disable the device credential at the boot up ?
Will
June 14, 2019“F3” does nothing during boot up.
Aruna Lakmal
June 18, 2019Do you have an AMD Processor system, one of my followers had the similar situation and fixed it with different approach, checkout the comments, may be it’ll help you.
William Owen
June 18, 2019I had to wipe my computer due to unfortunate circumstances, and that ended up fixing my problems. It seems like a fresh install of VMWare and Windows 10 fixed it.
Aruna Lakmal
June 18, 2019Really! But lot of work. Anyway glad to hear that it was resolved however.
Damon Dawson
June 14, 2019I’m running Win 10 Enterprise, 1903 (Build18362.175), I open a command prompt with “Run as administrator” and the first command in your script throws an error:
C:\WINDOWS\system32>mountvol X: /s
The parameter is incorrect.
When using mountvol /? I get the following output:
C:\WINDOWS\system32>mountvol /?
Creates, deletes, or lists a volume mount point.
MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L
MOUNTVOL [drive:]path /P
MOUNTVOL /R
MOUNTVOL /N
MOUNTVOL /E
path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.
/P Removes the volume mount point from the specified directory,
dismounts the volume, and makes the volume not mountable.
You can make the volume mountable again by creating a volume
mount point.
/R Removes volume mount point directories and registry settings
for volumes that are no longer in the system.
/N Disables automatic mounting of new volumes.
/E Re-enables automatic mounting of new volumes.
Possible values for VolumeName along with current mount points are:
\\?\Volume{e0814017-0000-0000-0000-100000000000}\
*** NO MOUNT POINTS ***
\\?\Volume{023f2e07-93a1-4711-b0ac-0dcf997b312e}\
D:\
\\?\Volume{e0814017-0000-0000-0000-602200000000}\
C:\
\\?\Volume{fc784186-8e68-11e9-9508-806e6f6e6963}\
E:\
\\?\Volume{fc78417a-8e68-11e9-9508-806e6f6e6963}\
F:\
C:\WINDOWS\system32>mountvol X:
Creates, deletes, or lists a volume mount point.
MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L
MOUNTVOL [drive:]path /P
MOUNTVOL /R
MOUNTVOL /N
MOUNTVOL /E
path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.
/P Removes the volume mount point from the specified directory,
dismounts the volume, and makes the volume not mountable.
You can make the volume mountable again by creating a volume
mount point.
/R Removes volume mount point directories and registry settings
for volumes that are no longer in the system.
/N Disables automatic mounting of new volumes.
/E Re-enables automatic mounting of new volumes.
Possible values for VolumeName along with current mount points are:
\\?\Volume{e0814017-0000-0000-0000-100000000000}\
*** NO MOUNT POINTS ***
\\?\Volume{023f2e07-93a1-4711-b0ac-0dcf997b312e}\
D:\
\\?\Volume{e0814017-0000-0000-0000-602200000000}\
C:\
\\?\Volume{fc784186-8e68-11e9-9508-806e6f6e6963}\
E:\
\\?\Volume{fc78417a-8e68-11e9-9508-806e6f6e6963}\
F:\
It doesn’t appear that /s is valid. Any suggestions?
Damon Dawson
June 15, 2019I’ve not had any luck at getting past this issue. I would appreciate any help anyone can give.
Note: My system does not have UEFI BIOS so Legacy is the only option I have.
I’m running the most recent version of Windows 10 (Build 1903).
I did set “Turn On Virtualization Based Security” to “Disabled” in local policy via gpedit.msc.
However, the command “mountvol X: /s” does not work and throws the following error: “The parameter is incorrect”.
Because of this I was not able to complete all the bcdedit commands.
Any suggestions?
Damon Dawson
June 15, 2019According to https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/mountvol “mountvol /s only applies to Itanium-based and I’m running AMD processors. I’m not sure if there would be a different set of instructions needed for this config. My system also does not have an “UEFI” BIOS. So I’m not sure if the path “\EFI\Microsoft\Boot\SecConfig.efi” would even apply to my system.
Damon Dawson
June 15, 2019If you have an AMD processor follow these instructions because the “mountvol /s only applies to Itanium-based systems. Here’s what I did to get the latest version of VMware Workstation 15 to work with Windows 10, Build-1903 to work:
1. Disable “Virtualization Based Security” in GP (either via an AD GPO or use gpedit.msc to edit local policy on the host system) as shown above.
2. Open a command prompt with “Run as Administrator” and type: bcdedit /set hypervisorlaunchtype off.
3. Reboot host system.
Damon Dawson
June 15, 2019This seems to break the new Sandbox feature of Windows 10, which I was looking forward to using. 🙁 However, VMware Workstation is so much more important. I’m sure VMware will be addressing this issue in a future release and then I’ll be able to re-enable Device Guard and Sandbox.
Aruna Lakmal
June 18, 2019Hi Damon
Yes, I hope so. I will take a look on the Sandbox thing and will keep you posted!
Aruna Lakmal
June 18, 2019Thank You very much your comments and you reached out to me in Facebook, explained the situation. Sorry about the late response due to the time difference. Glad to see your great feedback and I’ll definitely update my post with your findings. Thanks for sharing!
JItendra
June 26, 2019This article helped me to resolve this issue. Many thanks !
Aruna Lakmal
June 28, 2019Hi Jitendra
Wonderful! Nothing is pleasing me other than a successful comment 🙂
Pierre Laurier
June 27, 2019Saved my day, thanks a bunch !!!
Only at MS you can have a feature ‘active’ when it’s ‘not configured’… can’t believe that.
Aruna Lakmal
June 28, 2019Hi Pierre
Glad to hear that it was resolved!
eduardorodriguez27
October 3, 2019Thankyou so much!!!!!! I really mean it, I got mi laptop reimaged by company and then installed vmware, then I spent more than 2 hours following instructions to solve that problem, i also tried with virtualbox and an ubuntu vm but i had a lot more issues…. I gave it one last chance and found your site and solution! thank you so much you are the best!!!!!!!!
Aruna Lakmal
October 3, 2019Wow Glad to hear that! Thank you for your wonderful comment!
O Tempora
November 12, 2019Thanks a million! I’d been to a number of sites trying to resolve this, and yours was the one that finally worked. (It took a few minutes to realize your DOS code was copyable.)
Still, I wonder what I actually did. 😉
Aruna Lakmal
November 14, 2019Great! of course you can copy it. Thanks for the comment!
Alex
January 14, 2020Interestingly enough, VMWare had no issues running on a fresh install of Win 10 Pro build 18363. It wasn’t until I added the optional feature Windows Sandbox that this error message started popping up. Credential Guard/Device Guard was not active before or after Sandbox, so this alert from VMWare was a pain to figure out. Uninstalling Windows Sandbox didn’t help, but the above steps did.
Also, the VMWare article appears to have been edited – the steps are no longer present. Infuriating.
Aruna Lakmal
January 14, 2020Great! 👍
ravi
April 3, 2020thanks Bro. i struggled for 7 days before landing to this page. And upon implementing the things you told it worked fine. Thanks again!!
Aruna Lakmal
April 15, 2020Wow! Nice… Glad to help you out! 😊
Sparsh Owlak
April 8, 2020Hi Aruna, I was working on some project which was there in my VM. I tried many blogs including articles from Microsoft and VMware but nothing worked. But after I followed this blog, I was able to run the VM smoothly. you saved my months of work. Thank you
Aruna Lakmal
April 15, 2020Hi Sparsh
That’s exactly my intention and glad I could help you to save sometime!
rafa
May 15, 2020I didn’t find device gurad . How can I solve this problem?
Aruna Lakmal
May 20, 2020What is the flavor of your operating system?
gptshubham595
July 12, 2020QUICK SOLUTION EVERY STEP:
Fixed error in VMware Workstation on Windows 10 host Transport (VMDB) error -14: Pipe connection has been broken.
Today we will be fixing VMWare error on a windows 10 computer.
In RUN box type “gpedit” then Goto [ERROR SEE POINT 3]
1- Computer Configuration 2- Administrative Templates 3- System – Device Guard : IF NO DEVICE GUARD : (DOWNLOAD https://www.microsoft.com/en-us/download/100591 install this “c:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)\PolicyDefinitions” copy to c:\windows\PolicyDefinitions ) 4- Turn on Virtualization Based Security. Now Double click that and “Disable”
Open Command Prompt as Administrator and type the following gpupdate /force [DONT DO IF YOU DONT HAVE DEVICE GUARD ELSE IT WILL GO AGAIN]
Open Registry Editor, now Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard. Add a new DWORD value named EnableVirtualizationBasedSecurity and set it to 0 to disable it. Next Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA. Add a new DWORD value named LsaCfgFlags and set it to 0 to disable it.
In RUN box, type Turn Windows features on or off, now uncheck Hyper-V and restart system.
Open command prompt as a administrator and type the following commands
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d “DebugTool” /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path “\EFI\Microsoft\Boot\SecConfig.efi”
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set hypervisorlaunchtype off
Now, Restart your system
JoKeR
October 1, 2020Made my day
Naaz
February 18, 2021Thank you so much for this post! It helped me after 2 days of complete struggle. However, I found this same as any other article. But thank god! it worked.
Aruna Lakmal
February 23, 2021Thanks for the reply!