Skip to content

Windows 11 on VMware ESXi - This PC can't run Windows 11

The latest release of Windows 11 requires a Trusted Platform Module (TPM) 2.0 chip. When you try to install Windows 11 as a Virtual Machine on VMware ESXi, the installation fails with a "This PC can't run Windows 11" error. There is no further information on why the setup fails.

By using SHIFT + F10 and notepad x:\windows\panther\setuperr.log or type x:\windows\panther\setuperr.log, you can verify that the reason for the failed setup is a missing TPM Chip:

This article explains two options to install Windows 11 by either disabling the TPM check, or by adding a Virtual Trusted Platform Module (vTPM) to the Virtual Machine.

Download Windows 11 ISO

If you want to test-drive Windows 11 as a Virtual Machine, you can download the installation Media from a website provided by Microsoft. There are two options - you can use the Installation Media creation tool, or just download a prepared .ISO file.

Download Windows 11

Create Windows 11 VM with Virtual Trusted Platform Module

As a prerequisite to enable vTPM for Virtual Machines, you have to provide a Key Provider. Since vSphere 7.0, vCenter Server comes with a native Key Provider, removing the need for an external KMS. Enabling the Key provider is done on vCenter level.

  1. Open vSphere Client
  2. Navigate to vCenter > Configure > Seurity > Key Provider
  3. Press ADD > Add Native Key Provider
  4. Give the Key Provider a name and disable "Use key provider only with TPM protected ESXi hosts". This allows you to use vTPM on ESXi hosts that do not have a TPM chip.
  5. As a security precaution, the Key Provider has to be backed up at least once to be eligible for use. Press BACK-UP.
  6. As this is a lab environment, I've disabled password protection. Press BACK UP KEY PROVIDER. Make sure that no popup blockers are active. It should download a .p12 file which needs to be kept in a safe location.

 

With the key provider enabled, you can use the vTPM feature in Virtual Machines that fulfill the following requirements:

  • Running on vSphere 6.7 or later
  • VM Hardware Version 14 (ESXi 6.7)
  • EFI Firmware
  • Virtual Machine encryption enabled
  • Windows Virtualization Based Security enabled

Create a new Virtual Machine and enable Encrypt this virtual machine in Step 4. Make sure that the VM Storage Policy is set to VM Encryption Policy. The compatibility warning "Datastore does not match current VM policy" can be ignored.

Set the hardware compatibility to be at least vSphere 6.7. I recommend using the latest version which is HW 19 (ESXi 7.0 U2) at the moment.

Currently, Windows 11 is not listed as a supported guest OS, so just select Windows 10 (64-bit). Make sure to tick Enable Windows Virtualization Based Security.

Add the Trusted Platform Module in Step 7 - Customize Hardware.

You should now be able to Install Windows 11

 

Existing Virtual Machines

For existing Virtual Machines, you can enable VM encryption within VM Options > Encryption by setting the policy to VM Encryption Policy.

To add the vTPM press ADD NEW DEVICE and add the Trusted Platform Module.

 

Install Windows 11 on a Virtual Machine by Disabling TPM Check

If you can't enable vTPM, you can still install Windows 11 by disabling the TPM check.

  1. Create a Virtual Machine and select Windows 10 (64-bit) as the Operating System.
  2. Mount the Windows 11 .ISO and boot the Virtual Machine
  3. When Windows 11 asks for the product key, press SHIFT + F10. This should bring up a command line
  4. Add a Registry Key to disable the TPM check
    REG ADD HKLM\SYSTEM\Setup\LabConfig /v BypassTPMCheck /t REG_DWORD /d 1
  5. Make sure that the operation is completed successfully
  6. Proceed with the Installation

Note: If you are not comfortable with command lines, you can also use the graphical registry editor by entering regedit in the command line.

13 thoughts on “Windows 11 on VMware ESXi - This PC can't run Windows 11”

    1. Nevermind I had a typo. Ran regedit and browsed to the key and I added it in as /BypassTPMCheck so deleted that and created a new dword key BypassTPMCheck and it works fine!

  1. I have a copy of ESXi 7.0u2b running on an older Dell Precision T5600. I have successfully installed a VM of Windows 11 Pro using the above trick (thanks!). However, I have not been able to upgrade a Windows 10 VM, even if I add the registry flags before attempting the upgrade, and there doesn't seem to be the opportunity to interrupt the install to add the hacks during the upgrade process. Any way to get around the TPM and SecureBoot checks during an upgrade?

    1. Hola. Yo tengo el mismo problema. No quiero tocar registro, y configurando todo como aquí indica puedo instalar w11 nuevo pero no actualizar de w10 a w11. Me indica que el procesador no es soportado, cuando no es verdad porque la MV coge un procesador que aparece como compatible por Microsoft.
      A alguien se le ocurre algo?.
      Gracias!

      [Automatic English Translation]
      Hello. I have the same problem. I don't want to touch the registry, and configuring everything as indicated here I can install new w11 but not update from w10 to w11. It tells me that the processor is not supported, when it is not true because the MV takes a processor that appears as compatible by Microsoft.
      Does anyone comes up with something?.
      Thank you!

  2. The second option worked for me.
    First the command didn't work and said "incorrect syntax"
    But using regedit GUI to add the Key manually worked.
    Thanks for your.

  3. Interesting article. There are Engineers out there that have resolved the issues with TPM/ESXi and Win11 without having to resort to either setting up a vTPM/NKP or disabling the TPM check within Win11. But I have not found an article using or resolving that issue using an onboard TPM and a Win11 deployment on > 6.7 for a NUC. I had hoped this author might have done so when I first saw the article. Maybe one day this article will get a revision.

  4. Hi
    I have tried Shift-F10 on my ESXi 8.x but nothing happens. If I do Ctrl-F10 I do get a context menu, but no command prompt. Any ideas?

Leave a Reply to kjstech Cancel reply

Your email address will not be published. Required fields are marked *