VMware vSphere 7 Update 3 and Microsoft Windows 11 both arrived on October 5 2021, many great lessons learned the hard way but testing is going well
Notes added on July 20 2022 - Warning, bypassing TPM isn't recommended, proceed at your own risk. See also TinkerTry commenter blogthis who wrote this warning below this article:
You definitely do NOT want to use one of those Windows 11 hacks to bypass TPM 2.0 and CPU checks for install. They were intended only for Microsoft-internal developers working on the Win11 project, before vTPM's came along. As an end-user, by using those dev hacks, one day you will NOT get future Windows 11 Updates. Basically it's a time-bomb that one day will basically shut you down. IMHO, it's not worth the risk.
The integrated support of VMware vSphere 7.0-Update2+ adding vTPM 2.0 is fully supported, regardless of your real host/server CPU, under the Microsoft virtualization enterprise support contracts - so in the "real world" this means that's the ONLY solution. Of course Microsoft wants you to use Hyper-V instead, but let's not debate that one....
Article as it originally appeared below.
To my delight and surprise, both VMware vSphere 7.0 Update 3 and Microsoft Windows 11 went GA on the same exact day, October 5 2021!
Windows 11 has had quite a bit of attention since it's release as a Windows Insider Preview, and much of the controversy has surrounded the ability to run it under systems without TPM 2.0 or with CPUs as little as 3 years old. All that aside, what about running it as a VM? Specifically, does it work fine under VMware vSphere, using the latest ESXi 7.0 Update 3? Let's find out!
For some context here, back on August 2 2021, Al Rasheed asked me if this helps, in response, I wrote:
It sure does, thank you @al_rasheed!
I've prepended a link to Al's clean-install-from-ISO method https://TinkerTry.com/windows-11-as-ws-11-as-a-vmware-esxi-vm
It'll be interesting to see if UEFI, Secure Boot, and maybe even vTPM
will all be required once Windows 11 goes GA late 2021
Of course, I was like a kid in a candy store this week, downloading all those bits to get cracking on some serious home lab testing, in hopes of soon declaring these fresh bits TinkerTry'd. Finally the uncertainty about CPU and TPM restrictions would soon be resolved, with all the tools needed to get some answers for myself. Not only was I curious about whether it would all work out, but would both work well super popular SuperServers Bundles? I use two of these actively on a daily basis, Bundle 1 Xeon D-1567 12 core as my primary Windows 10 Workstation, Bundle 2 Xeon D-1541 8 core as my VMware vSphere Datacenter. Both are based on the Supermicro SuperServer SYS-5028D-TN4T mini tower.
INITIAL LAB TESTS
- UPDATE VSPHERE ON XEON D-1541 - get VCSA and ESXi both updated to 7U3
- UPDATE WIN 11 VM - get my Windows 11 Developer Preview updated to Windows Version 21H2 (OS Build 22000.194), easy, Windows Update took care of that
- FRESH INSTALL WIN 11 VM - get a fresh install of Windows 11 going in my new vSphere 7.0 U3 lab, see if Windows 11 shows in the drop-down menu, and experiment with ways around TPM
- FRESH INSTALL WIN 11 ON XEON-D-1567 - download the Windows 11 ISO, edit my registry, and beat my unsupported CPU and TPM-less Supermicro SuperServer to run Windows
That 4th topic will be covered in a future article, it's going well so far. After multiple failures, ultimately this technique got the job done, albeit at the risk of a loss of support from Microsoft. Until I get that written, I'll just note here that downloading a replacement
appraiserres.dll or editing my windows installation ISO was not of any interest to me personally, the risk is just too high. Editing the registry of running Windows or Windows installer is legit, and documented by Microsoft. That said, what ultimately worked for me for my upgrade from Windows 10 was done using a legible PowerShell tweak, followed by a very normal upgrade. Unfortunately, because of the reboot, my Camtasia screen recording of that process was lost. Very bummed about this, as usually Camtasia Recorder can recover recordings after a reboot stops recording, but not this time.
VMware vSphere works well on Xeon D-1500 systems, and it's already on the VMware Hardware Compatibility Guide here, which means that even after 6 years, you are still able to open a trouble ticket and get official VMware support should the need arise, this is great!
My testing of VMware vSphere 7.0 Update 3 has gone more smoothly than all prior 7.x releases, this is good! Some minor issues noted below.
In the image up at the top of this article, you'll see a red "Backup job status" warning. For mysterious reasons, my daily backups stopped working after the upgrade, I need to spend some time figuring out why, or just reconfigure the daily scheduled backups using VAMI to see if I can get them going again. You'll also notice a Skyline Health warning, it's just the generic "Concurrent-context attack vector vulnerability in Intel processors" warning you'd get on most any home lab system that haven't had every single hardware and software risk mitigation strategy applied. Oct 12 2021 UPdate - I tried reconfiguring my VCSA backups, and I get "Path not exported by the remote filesystem." error
On my Windows 11 workstation (not VM), I use a 4TB Sabrent SB-ROCKET-4TB M.2 NVMe drive. I also noticed that replacing the generic Windows NVMe driver that the Phison NVMe Drver v18.104.22.168 gives a nice performance boost, but is also breaks the ability for Sabrent Rocket Control Panel from "seeing" my drive at all now, so its native speed and firmware checker functionality is broken.
I have the ability to add a TPM 2.0 chip to my SuperServer, but I wanted to see whether folks who don't have one could install Windows 11 anyway. The answer is yes, details below.
I don't have the ability to change my CPU for this SoC (System on Chip) Xeon D-1500 design, so I'm not going to be supported by Microsoft whether I do the TPM override, CPU override, or both. See screenshot at right, the results of running the latest Oct 7 version of Microsoft's PC Health Check.
I haven't notice any bugs of the showstopper variety, at least not yet. I'm running both Windows 11 VMs and a Windows 11 bare metal (upgrade) install on my Xeon D-1567. I've definitely noticed some triple-monitor window placement handling advancements that I'm quite fond of already, read below for details.
As for cosmetic stuff, I noticed:
- Under Personalization, Taskbar, my "When using multiple displays, show my taskbar apps on" was set to "Taskbar where window is open", but before the upgrade, it was set to "Main taskbar and taskbar where window is open"
- SoftPerfect Networx no longer shows a Taskbar graph, and no newer version than 6.2.10 is available, with Windows 11 not in their list of operating systems yet either. The rest of the product functionality works just fine. Sadly, this isn't just a known issue, but since Microsoft removed the extension functionality from the Taskbar, it's unlikely to be fixable.
So my answers below are focused on the first 3 lab tests listed above. I learned a bunch these past 48 hours, and took some notes right on Twitter that you might find helpful, listed sequentially below. I've also copy and pasted the tweets below as well, to make it easier to find this information right here at TinkerTry.
I've also recorded a new video below using an alternative technique Install Windows 11 as VM on VMware vSphere / Workstation without TPM 2.0 chipset by Ivo Beerens. He's gone and written another article already, see also equally spectacular Install Windows 11 on VMware vSphere with a virtual TPM, where he starts by saying:
Yesterday I wrote a blog called "Install Windows 11 as VM on VMware vSphere / Workstation without TPM 2.0 chipset". In this blog article, I explained how to install Windows 11 without having a TPM 2.0 chipset by using a registry hack. Paul Braren from tinkertry.com created a cool video (link) about installing Windows 11 on VMware vSphere using my blog article. Bob Plankers (@plankers) replied on Twitter that virtual TPM can be used too.
Thank you Ivo, it's helpful members of the #vCommunity like you that make blogging so much fun for all of us!
Please let us know if you have questions by dropping a comment below this article, and thank you for your readership!
Oct 28 2021 Update
I discovered this KB 86069 today, no more mystery why my daily backups are failing!
- VAMI Backup with SMB reports error: "Path not exported by the remote filesystem" (86069)
This is a known issue on vCenter 7.0 Update 3.
Impact / Risks
VAMI backup fails when using SMB as protocol.
VMware Engineering is aware of this issue, it is currently under investigation.
Please subscribe to the KB article to get notified on changes.
Also, after using VAMI to update to VCSA 7.0U3a, the issue is still there, so it's not mentioned in the release notes. Here's my related Oct 22 tweet:
VMware vCenter Server 7.0 Update 3a Release Notes
Many changes, this good one caught my eye, likely applies to new Windows 11 VMs as well! See also
See also at TinkerTry
- All vSphere 7 articles
- All vSphere 7 videos
- How to update any VMware ESXi Hypervisor to the latest using ESXCLI for easy download and install
Aug 14 2018, updated Aug 20 2019
Sep 07 2012
- Securing Virtual Machines with Virtual Trusted Platform Module
Updated Dec 15 2020 at VMware Docs
With the Virtual Trusted Platform Module (vTPM) feature, you can add a TPM 2.0 virtual cryptoprocessor to a virtual machine.
A vTPM is a software-based representation of a physical Trusted Platform Module 2.0 chip. A vTPM acts as any other virtual device. You can add a vTPM to a virtual machine in the same way you add virtual CPUs, memory, disk controllers, or network controllers. A vTPM does not require a hardware Trusted Platform Module chip.
1/ @VMware vSphere 7.0 Update 3 & @Microsoft Windows 11 both arrived Oct 5, already TinkerTry'd in my #homelab!
- no Win11 type when deploying VM, just use "Windows 10 (64-bit)"
- no issue installing 7.0U3's VMware Tools 11.3.0 in that Win11 VM
- local account works
2/ Current @Veeam Agent for Microsoft Windows 22.214.171.12401 doesn't support Win11, follow https://veeam.com/kb4215 for updates, my basic #homelab testing with Win11 beta showed backup & restore seemed to work. Do NOT expect support yet, just wait for next release/full support.
3/ Win 11's TPM 2.0 & CPU requirements have bypass procedures, unsupported. Testing w/ Xeon D-1500
@supermicro SYS-5028D-TN4T soon.
1st method is TPM bypass by regedit at install https://twitter.com/ibeerens/status/1445709392423178241 - @ibeerens
2nd is tweak ISO https://google.com/search?q=cpu+override+windows+11&rlz=1C1CHBF_enUS941US941&sxsrf=AOaemvJYPjr2yFsV3auMkdqcIosJS0IWCA%3A1633573842532&source=lnt&tbs=cdr%3A1%2Ccd_min%3A10%2F5%2F2021%2Ccd_max%3A10%2F7%2F2021&tbm=)
4/ 3rd is turn on virtual TPM in the VM
My Xeon D-1500 series CPU on my ESXi host is incompatible w/ Win 11. CPU is seen in VM, but Win 11 VM doesn't mind. Installs fine, no CPU bypass req'd. My (Preview) article is still relevant
Replying to @ibeerens and @cchilderhose
You can just add a virtual TPM in Workstation or vSphere, too.
5/ Minor vSphere 7U3 issues noticed so far
- Can't "Upgrade VM Compatibility" for VMs, even those with latest VMware Tools 11360 and powered off
- My daily backups (to SMB) have halted since my VCSA upgrade from 7.0U2d to 7.0U3, I'll use VAMI to do problem determination.
Windows 11 / VMware 7.0U3 / Veeam Agent 5 notes above.
- @thurrott @bdsams @WithinRafael
Delightfully straight-forward way to go forward with Windows 11 on systems with unsupported CPUs
Support implications yes, but at least my 12 core Xeon D-1500 @Supermicro_SMCI system should be good to go, testing this weekend...
The easy way to install Windows 11 on unsupported CPUs https://theverge.com/22715331/how-to-install-windows-11-unsupported-cpu-intel-amd-registry-regedit?utm_campaign=theverge&utm_content=chorus&utm_medium=social&utm_source=twitter
While booting from an ISO (to edit registry for TPM bypass), it won't allow you to upgrade. Instead, this @tomshardware method of running a PowerShell script then running setup.exe from the ISO works.
Testing on Xeon D-1500 system underway, despite nasty warnings...
How to Bypass Windows 11's TPM Requirement and Upgrade from Windows 10 https://trib.al/98YCoJG
9/ Once my VCSA 7.0U3 was misbehaving hours after its ESXi host reboot, vSphere Client saying "no healthy upstream". Rebooting VCSA brought it back to normal. Later I'll look into why daily backups are failing.
10/ Windows 11 is running great on my Intel Xeon D-1567 12 core bare metal, probably all Xeon D-1500 systems too.
My triple monitors & speakers are on a smart power strip. Powering up, all my window positions are actually restored to exactly where I left them. FINALLY/FANTASTIC!
2/ Current @Veeam Agent for Microsoft Windows 126.96.36.19901 doesn't support Win11, follow https://t.co/Mz76vNnGwy for updates, my basic #homelab testing with Win11 beta showed backup & restore seemed to work. Do NOT expect support yet, just wait for next release/full support. pic.twitter.com/6EHPat6SNl— Paul Braren | TinkerTry.com 💻🔌🔋🚘 (@paulbraren) October 7, 2021
4/ 3rd is turn on virtual TPM in the VMhttps://t.co/0giHvQgvyy— Paul Braren | TinkerTry.com 💻🔌🔋🚘 (@paulbraren) October 7, 2021
My Xeon D-1500 series CPU on my ESXi host is incompatible w/ Win 11. CPU is seen in VM, but Win 11 VM doesn't mind. Installs fine, no CPU bypass req'd. My (Preview) article is still relevanthttps://t.co/XUBUrK77AM pic.twitter.com/hfCh1PmSP8
Windows 11 / VMware 7.0U3 / Veeam Agent 5 notes above.— Paul Braren | TinkerTry.com 💻🔌🔋🚘 (@paulbraren) October 7, 2021
+ @thurrott @bdsams @WithinRafael pic.twitter.com/l4AIKK0k42
October 8, 2021
10/ Windows 11 is running great on my Intel Xeon D-1567 12 core bare metal, probably all Xeon D-1500 systems too.— Paul Braren | TinkerTry.com 💻🔌🔋🚘 (@paulbraren) October 8, 2021
My triple monitors & speakers are on a smart power strip. Powering up, all my window positions are actually restored to exactly where I left them. FINALLY/FANTASTIC! pic.twitter.com/lPGgOVL7SS