Skip to main content

πŸ’‘ The CML VM Fix: Solving My VT-x/EPT Problem

πŸ’‘ The Complete Fix: CML VT-x/EPT Error Solved πŸ› ️

I battled the persistent error: "Virtualized Intel VT-x/EPT is not supported on this platform" while installing CML (Cisco Modeling Labs) on VMware. This problem occurs because the Windows host locks the CPU's hardware virtualization features (VT-x/EPT) that CML needs to run its internal network nodes.

I discovered that fixing this requires aggressively disabling Virtualization-based security (VBS) and HVCI across multiple system layers.

Here is the definitive, comprehensive guide covering every step necessary to solve this issue.

Step 1: The Quick Fix (Disable Nested VT-x in VMware)

I found that telling VMware to hide the feature initially allowed the CML VM to boot, but it failed later when trying to run network nodes. This must be reversed later, but it is an important diagnostic step.

  1. Power off the CML VM.
  2. Go to SettingsProcessors.
  3. Ensure the box for Virtualize Intel VT-x/EPT or AMD-V/RVI is unchecked.
  4. Click OK to save the settings.

Step 2: Aggressive Windows Host Cleanup (The VBS Lock)

The primary cause is Virtualization-based security (VBS) running in Windows, often enforced by Hypervisor-enforced Code Integrity (HVCI), Docker, or Secure Boot. I had to disable these using powerful commands.

A. Disable Conflicting Windows Features

I confirmed the software using the hypervisor was off.

  1. Press Windows Key + R, type optionalfeatures, and press Enter.
  2. Ensure these boxes are unchecked:
    • Hyper-V
    • Virtual Machine Platform
    • Windows Hypervisor Platform

B. Disable Docker (The Key Conflict)

Docker often runs its own hypervisor instance, locking VT-x. I had to completely uninstall it.

  1. Quit Docker Desktop from the system tray.
  2. Uninstall Docker Desktop via Programs and Features.
  3. Open Command Prompt (Admin) and run: 
    wsl --shutdown

C. Disable VBS/HVCI via PowerShell

I used the registry to explicitly disable the security features causing the conflict.

  1. Open PowerShell (Admin).
  2. Run the following commands: 
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" -Name Enabled -Value 0
bcdedit /set hypervisorlaunchtype off

D. Use the Readiness Tool (The Final Fix)

When VBS persisted, I used the Microsoft tool to forcefully clear the security flags.

  1. Download the DG_Readiness_Tool.ps1 script.
  2. Open Command Prompt (Admin).
  3. Run the script command, replacing the path: 
    powershell -ExecutionPolicy Bypass -File .\DG_Readiness_Tool.ps1 -Disable -AutoReboot
  4. Crucially, confirm the security disable prompt during the boot process.

E. Suspend BitLocker

I learned that BitLocker complicates this process. I ran this command before the final restart to avoid interference:

manage-bde -protectors -disable C: -rebootcount 1

Step 3: Final Verification and Re-enabling VT-x

After the tool ran and the system rebooted, VBS was finally disabled.

  1. Verify VBS is Off: Check System Information (msinfo32). Virtualization-based security must show Not enabled.
  2. Re-enable Nested VT-x: Go back to the CML VM SettingsProcessors. CHECK the box for Virtualize Intel VT-x/EPT or AMD-V/RVI.

The CML VM booted without the error and successfully run its virtual network devices.

Labels:

Comments

Post a Comment

Popular posts from this blog

Telecoms: ePSK - Multiple Pre-Shared Keys

Originally posted on the Cambium Community Networks Just in case you missed it cnMaestro Version 2.2.1 (Cloud and On-Premise), brings us a great new feature called ePSK. If you’re not familiar with ePSK it’s maybe because Cambium are too modest to toot their own trumpet so I’m going to do it for them. In short ePSK gives each user a unique PSK (pre-shared key) when using WPA2-Personal, for me to explain why this is such a useful feature let me first explain the problem with using a shared PSK across the whole WLAN. When a wireless client connects to an AP it completes a 4-Way handshake, this generates the encryption keys used to encrypt wireless traffic. For the 4-way handshake to work it is a requirement that both the client and AP know the passphrase, however the passphrase is never transmitted over the air thereby making this exchange reasonably secure. But what happens when a 3rd party already knows the passphrase? It means they just need to capture the 4-way handshake to gener...
Post a Comment
Read more

Defending Freedom of Speech: The Implications of Facebook Censorship in Papua New Guinea

The Papua New Guinea (PNG) government's recent move to regulate Facebook has sparked significant debate. Citing concerns over misinformation and social unrest, authorities have tested ICT controls to monitor and potentially restrict access to the platform. While the intention is to promote responsible social media use, this action raises critical questions about freedom of expression in the country. The Government's Justification for Facebook Regulation Authorities argue that Facebook has become a conduit for malicious content, including fake news and defamatory material, which could endanger public safety. By implementing a temporary ban or stricter controls, they aim to assess the platform's impact and develop strategies to mitigate these risks. This approach, they claim, is necessary to maintain social harmony and protect citizens from harmful content. However, this rationale has been met with skepticism. Critics contend that such measures...
Post a Comment
Read more

Stop Saying “I Deserve It” – You Probably Don’t

The word deserve is thrown around way too much these days. Back in the day, it meant you earned something through hard work and effort. Now? People use it to justify entitlement. You hear it all the time: “I deserve to be happy.” “I deserve a vacation.” “I deserve that raise.” But do you really? Or do you just want it? What "Deserve" Used to Mean The word deserve comes from the Latin deservire , meaning “to serve well.” Basically, if you put in the effort, you got the reward. Simple. ( Etymology of "deserve" ) It wasn’t just about wanting something; it was about earning it. If you worked hard, you deserved the raise. If you trained every day, you deserved the championship. There was a clear connection between effort and outcome. The Shift to Entitlement Somewhere along the way, people stopped using deserve to mean earned and started using it to mean expected . Now, people say they deserve things just because they exist. No effort,...
Post a Comment
Read more