argumentum Posted November 10, 2024 Posted November 10, 2024 A PC I run VMs on is half dead. Copied the VMs to another PC ( both Win11 ). Lucky me to have more than one PC. It became a problem when starting the VM I get: [Window Title] Virtual Machine Connection [Main Instruction] The application encountered an error while attempting to change the state of 'TheVmName'. [Content] 'TheVmName' failed to start. 'TheVmName' could not initialize. The key protector could not be unwrapped. Details are included in the HostGuardianService-Client event log. [Expanded Information] 'TheVmName' failed to start. (Virtual machine ID 11111111-2222-3333-4444-555555555555) 'TheVmName' failed to start worker process: The parameter is incorrect. (0x80070057). (Virtual machine ID 11111111-2222-3333-4444-555555555555) 'TheVmName' could not initialize. (Virtual machine ID 11111111-2222-3333-4444-555555555555) The key protector for the virtual machine 'TheVmName' could not be unwrapped. . Details are included in the HostGuardianService-Client event log. The parameter is incorrect. (0x80070057). (Virtual machine ID 11111111-2222-3333-4444-555555555555) The key protector for the virtual machine could not be unwrapped [^] Hide details [Close] The solution is to import these certs from the original PC. Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting.
Solution argumentum Posted November 10, 2024 Author Solution Posted November 10, 2024 (edited) expandcollapse popup#RequireAdmin #include "RunWaitEx.au3" ; https://www.autoitscript.com/forum/topic/139260-autoit-snippets/page/22/#comment-1478119 Global $g_SuperDuperPassword = "SuperDuperPassword!" ; based on https://www.elevenforum.com/t/hyper-v-tpm-issue-with-windows-11-on-new-device.14704/ ;~ VmCertsForTPM_OldPC_Export_Certs() ; backup your VM certs ;~ VmCertsForTPM_NewPC_Import_Certs() ; restore your VM certs #Region functions Func VmCertsForTPM_NewPC_Import_Certs() Local $sRet = _RunWaitEx('certutil -importpfx -p "' & $g_SuperDuperPassword & '" "Shielded VM Local Certificates" ' & FileGetShortName(@ScriptDir) & '\ShieldedVMEncryption.pfx') ConsoleWrite($sRet & @CRLF) $sRet = _RunWaitEx('certutil -importpfx -p "' & $g_SuperDuperPassword & '" "Shielded VM Local Certificates" ' & FileGetShortName(@ScriptDir) & '\ShieldedVMSigning.pfx') ConsoleWrite($sRet & @CRLF) EndFunc Func VmCertsForTPM_OldPC_Export_Certs() Local $iErr, $iExt, $sRet = _RunWaitEx('certutil -store "Shielded VM Local Certificates"') $iErr = @error $iExt = @extended Local $aSN = pullSerialNumbers($sRet) For $n = 1 To $aSN[0][0] If FileGetSize(@ScriptDir & '\ShieldedVM' & $aSN[$n][2] & '.pfx') Then ConsoleWrite('- ShieldedVM' & $aSN[$n][2] & '.pfx export: EXISTS, no export occurred.' & @CRLF) ContinueLoop EndIf $sRet = _RunWaitEx('certutil -exportpfx -p "' & $g_SuperDuperPassword & '" "Shielded VM Local Certificates" ' & $aSN[$n][1] & ' "' & FileGetShortName(@ScriptDir) & '\ShieldedVM' & $aSN[$n][2] & '.pfx') ConsoleWrite($sRet & @CRLF) If StringInStr($sRet, "CertUtil: -exportPFX command completed successfully.") Then ConsoleWrite('+ ShieldedVM' & $aSN[$n][2] & '.pfx export: OK' & @CRLF) Else ConsoleWrite('! ShieldedVM' & $aSN[$n][2] & '.pfx export: FAILED' & @CRLF) EndIf Next EndFunc Func pullSerialNumbers($sRet) Local $aStr = StringSplit($sRet, @CRLF) Local $n, $iCount = 0, $aRet[UBound($aStr) + 1][5] $aRet[0][1] = "Serial Number" $aRet[0][2] = "Type" $aRet[0][3] = "Issuer" For $n = 1 To UBound($aStr) -1 If StringInStr($aStr[$n], "================ Certificate ") Then $iCount += 1 ContinueLoop EndIf If StringInStr($aStr[$n], "Serial Number: ") Then $aRet[$iCount][1] = StringStripWS(StringTrimLeft($aStr[$n], StringLen("Serial Number: ")), 3) ContinueLoop EndIf If StringInStr($aStr[$n], "Issuer: ") Then $aRet[$iCount][3] = StringStripWS(StringTrimLeft($aStr[$n], StringLen("Issuer: ")), 3) $aRet[$iCount][2] = getShieldedVmCertType($aRet[$iCount][3]) ContinueLoop EndIf Next ReDim $aRet[$iCount + 1][5] $aRet[0][0] = $iCount Return $aRet EndFunc Func getShieldedVmCertType($sStr) Local $aArray = StringSplit($sStr, " ") If UBound($aArray) > 3 Then Return $aArray[3] Return SetError(1, 0, "FAILED") EndFunc #EndRegion functions Fortunately my old PC still runs enough to export the certs. If it had just died, I could copy the VMs from the drive, but not export the certs. Therefore, backup them VM certs ( Encryption and Signing ) somewhere just in case you need them. I learn that the hard way. I didn't expect my, not so old, "Dell XPS 8700K OMG so expensive ( back then ) PC" to just brake, but it did. Edited November 11, 2024 by argumentum Follow the link to my code contribution ( and other things too ). FAQ - Please Read Before Posting.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now