How to install Windows 11 on VmWare ESXi

When you try to install Windows 11 as a virtual machine on VMware ESXI, you need a 2.0 TPM. In this post , we will examine the common error " This PC can't run Windows 11 ".

Using SHIFT + F10 and notepad,

X: \ windows \ panther \ setuperr.log or type X: \ windows \ panther \ setuperr.log, you can check the startup problem of a TPM chip and see its logs:

This article teaches you two options for installing Windows 11 by disabling the TPM check or adding a valid Virtual Trusted Platform Module (VTPM) to your virtual machine.

If you want to test Windows 11 as a virtual machine, you can download the installation media from a website provided by Microsoft. There are two options: you can install Media creation, or just download a prepared file.

Create Windows 11 VM with Virtual Trusted Platform Module

As a prerequisite for enabling VTPM on virtual machines, you must enable a version of your virtual operating system to take full advantage of it. Since vSphere 7.0 , the vCenter server with Key Provider has been released, KMS is required to remove it. The activation process is done on vCenter.

Follow the steps below:

1- Open the vSphere Client
2- Go to vCenter> Configure> Security> Key Provider
3- Click  ADD> Add Native Key Provider

Assign a name to the Key Provider and disable the "Use key provider only with TPM protected ESXi hosts" option. This process allows you to use vTPM on ESXi without the TPM chipset.

As a security enhancement, the Key Provider must be backed up at least once to be eligible. Press BACK-UP.

As this is a lab environment, we have disabled password protection. Press BACK UP KEY PROVIDER . Make sure no popup blocker is enabled. 

Must download a .p12 file to be stored in a secure location.

By activating the key provider, you can use the VTPM feature in virtual machines that has the following specifications:

- Vsphere 6.7 or higher
- Hardware VM Version 14 (ESXi 6.7)
- EFI Firmware
- Virtual Machine encryption enabled
- Windows Virtualization Based Security enabled

Create a new virtual machine and enable Encrypt this virtual machine in step 4. Make sure the VM Storage Policy is set to VM Encryption Policy . The "Datastore does not match current VM policy" warning about compatibility can be ignored.

Set hardware compatibility to at least vSphere 6.7 . I recommend using the latest version of HW 19 (ESXI 7.0 U2) that is currently available. Windows 11 is not currently supported as a guest operating system, so choose only Windows 10 (64-bit). Make sure you have Windows Virtualization Based Security  enabled.

Add the desired module specifications in step 7 - Customize your hardware.

You should now be able to install Windows 11.

For existing virtual machines, you can enable VM Encryption. To perform this process, perform the following operation. Set VM Options> Encryption   to VM Encryption Policy mode .

To add vTPM, click ADD NEW DEVICE and add Trusted Platform Module .

Install Windows 11 on a virtual machine by disabling TPM Check.

If you can not enable VTPM, you can still install Windows 11 by disabling TPM.

Build a virtual machine and select  Windows 10 (64-bit) as the operating system.
Mount the Windows 11 ISO file and boot the virtual machine.
When Windows 11 requests a license, press Shift + F10 to open the command line window.
By entering the following command, you will create a Registry Key to disable TPM check.

REG ADD HKLM \ SYSTEM \ Setup \ LabConfig / v BypassTPMCheck / t REG_DWORD / d 1

Make sure that the operation is completed successfully.

Continue the installation process.