Inadvertently created a Hyper-V Shielded VM
Well, here's an interesting twist. I appear to have inadvertently created a Hyper-V Shielded VM, one that cannot be imported and run on any Host except the one it was created on.
https://docs.microsoft.com/en-us/win...d-shielded-vms
On this Host machine (W10 Pro, 19043.1288) there are three VMs. The first two can be exported then imported to any Host; only the latest one is a Shielded VM. It is probably no coincidence that it is the only new VM I have created since enabling TPM in the Host machine's BIOS. I have tried importing it into two Host machines with the same results, one W11 Pro, the other W10 Pro.
The VM's hard drive is not even encrypted by BitLocker; it's a W11 Home VM so doesn't have BitLocker capabilities. As there is no BitLocker involved, it seems I can run the VM if I turn off the virtual TPM in the VM's settings, though that's hardly useful if I want to fully test a W11 VM.
It appears that one solution is to export the Certificates from the original Host and import them to the new Host, but I'd much rather 'un-shield' the VM if that's possible.
Hyper-V 2016 Shielded Virtual Machines on Stand-Alone Hosts
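
The certificate export/import route mentioned in the post, sketched as an added example (not part of the original post and not taken from the linked article). It assumes the host keeps its local key-protector certificates in the `Shielded VM Local Certificates` machine store and that their private keys are exportable; the function names and the `D:\vtpm-certs` path are hypothetical.

```powershell
# Added example: move the certificates that protect a VM's virtual TPM
# from the original Hyper-V host to a second host. Run elevated.
$Store = 'Cert:\LocalMachine\Shielded VM Local Certificates'   # assumed store name

function Export-ShieldedVmCerts {
    # Run on the ORIGINAL host. Writes one password-protected PFX per certificate.
    param([Parameter(Mandatory)][string]$OutDir,
          [Parameter(Mandatory)][securestring]$Password)
    $certs = Get-ChildItem -Path $Store | Where-Object HasPrivateKey
    if (-not $certs) { throw "No certificates with private keys found in '$Store'." }
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    foreach ($c in $certs) {
        $file = Join-Path $OutDir ("{0}.pfx" -f $c.Thumbprint)
        # Fails if the private key is marked non-exportable.
        Export-PfxCertificate -Cert $c -FilePath $file -Password $Password | Out-Null
        [pscustomobject]@{ Subject = $c.Subject; Thumbprint = $c.Thumbprint; File = $file }
    }
}

function Import-ShieldedVmCerts {
    # Run on the NEW host before importing the VM.
    param([Parameter(Mandatory)][string]$InDir,
          [Parameter(Mandatory)][securestring]$Password)
    if (-not (Test-Path $Store)) {
        # The store only exists once the host has created a vTPM-enabled VM.
        New-Item -Path $Store | Out-Null
    }
    Get-ChildItem -Path $InDir -Filter *.pfx | ForEach-Object {
        Import-PfxCertificate -FilePath $_.FullName -CertStoreLocation $Store `
            -Password $Password -Exportable
    }
}

# Original host:
#   $pw = Read-Host -AsSecureString 'PFX password'
#   Export-ShieldedVmCerts -OutDir 'D:\vtpm-certs' -Password $pw
# New host (after copying the PFX files across):
#   Import-ShieldedVmCerts -InDir 'D:\vtpm-certs' -Password $pw
# Check a VM's TPM/shielding state on either host:
#   Get-VMSecurity -VMName '<vm name>'
```

The PFX files hold the private keys that unlock the VM's virtual TPM state, so store and transfer them as you would any other key material and delete the copies once the import has succeeded.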