Initialize-HgsServiceName Fails in VMWare

A short one, but one that took some digging and debugging and help from others. Saving here, so I remember, as do others.

I had a VMWare Workstation v12.x VM of SQL Server 2016 and was working with this tutorial on Always Encrypted with Secure Enclaves. In setting up the HGS server, I got to step 3 which has this code:

Initialize-HgsAttestation -HgsServiceName 'hgs' -TrustHostKey

When I ran this, I got an error:

2019-04-24 07_52_51-Window

That’s not good. In trying to find why this won’t run, eventually, I realized that my VMWare system needs the Microsoft Virtualization Based Security. This isn’t an option in my older VM, I believe because this is

a) v12 and not v14+

b) BIOS firmware

You can see my settings here:

2019-04-24 07_53_42-Window

Fortunately I had an upgrade for VMWare available and updated to v15, and then build a new VM as a v14+ hardware version. This gave me UEFI and once the VM was shut down, I could check the VBS box.

2019-04-24 07_53_26-Window

After doing this, I could move forward with my secure enclave config.

About way0utwest

Editor, SQLServerCentral
This entry was posted in Blog and tagged , , . Bookmark the permalink.