Compared to previous Windows versions, to install Windows 11 on VMware vSphere a specific configuration is required to complete the procedure.
Microsoft enforced the security requirements in Windows 11 as part of the installation procedure and a new virtual hardware (TPM) and disk encryption must be configured in vSphere to complete the installation successfully.
If these settings are not properly configured, when you install Windows 11 on VMware vSphere virtual machine you won't be able to install the operating system receiving the error "This PC can't run Windows 11".
Prerequisites
To install Windows 11 on VMware vSphere there are some prerequisites you should consider:
- A Key Provider must be configured in VMware vSphere or an external third-party key provider.
- You must be running vSphere 7 U2 or later to configure the Native Key Provider.
- Windows 11 requires TPM 2.0.
- The VM must be configured to use EFI firmware.
Configure the Native Key Provider
To encrypt a virtual machine disk and to configure a vTPM device, a Key Provider is required. In VMware vSphere 7.0 Update 2 the new vSphere Native Key Provider feature has been added eliminating the need for an external third-party solution.
From the vSphere Client, select the vcenter object and access the Configure section. Select Key Providers under Security then click Add. Select Add Native Key provider option.
Enter the Name for the Native Key Provider (for example LocalNKP) and click Add Key Provider.
To make the Key Provider active, you need to back it up first. Select the just created Key Provider and click on the Back Up button.
Enable the Protect Native Key Provider data with password (Recommended) option.
Enter the Password twice to protect the Native Key Provider and thick I have saved the password in a secure place checkbox. Click Back Up Key Provider.
The key will download in the browser as a .p12 file. Click Save.
Once the backup has been completed successfully, the Native Key Provider Status becomes Active.
The Native Key Provider configuration is complete.
Install Windows 11 on VMware vSphere
Right click the vSphere cluster and select New Virtual Machine.
Select Create a new virtual machine and click Next.
Enter a Virtual Machine name and select the location. Click Next.
Select the compute resource and click Next.
Enable the Encrypt this virtual machine option and select the datastore to store the VM. Click Next.
To use the required vTPM feature, at least ESXi 6.7 and later must be selected in the Compatible with drop-down menu. Click Next.
If Windows 11 is not available in the list, select Microsoft Windows 10 (64-bit) and enable option Enable Windows Virtualization Based Security. Click Next.
After connecting the CD/DVD Drive to the Windows 11 ISO file, click Add New Device and select Trusted Platform Module.
The TPM module has been installed.
In the Boot Options section, make sure the Firmware is set as EFI and the Secure Boot enabled. Click Next.
Click Finish to save the configuration.
If you receive the following error, make sure TPM 2.0 is installed/enabled in the target host.
If you now run the Windows 11 installation on VMware vSphere, the procedure go ahead with no issues.
Because it's a best practice to ensure that each Windows 11 virtual machine contains a unique vTPM device, during cloning or deployment operations you must ensure vTPM and stored secrets are not also cloned:
- vSphere 7 - remove and re-add the vTPM device manually during the template deployment.
- vSphere 8 - the TPM Provision Policy has been introduced in the wizard to replace vTPM devices automatically.
Following this configuration, the procedure to install Windows 11 on VMware vSphere can be successfully completed.
