Windows 11 vm install problems

Hi
I am new to opennebula and would like to get a Windows 11 24H2 template (and associated VMs) going. I have configured most of what I would think is correct based on videos I watched etc. and the VM boots up to the Windows logo then freezes. No errors are received so I am not sure where to look. I have tried to enable toi UEFI secure boot but that causes more problems and when I go searching for those files on my Ubuntu 24.04 LTS server I find different OVMF files. It references OVMF files “OVMF_CODE_.secboot.fd” but I find “OVMF_CODE_4M.secboot.fd” on my system. I am assuming this problem has something to do with secure boot, but this is only an assumption.

Anything else I could consider?

One of the solutions could be to create a symlink like this:
OVMF_CODE_4M.secboot.fd → OVMF_CODE_.secboot.fd

But this is an idea, and I could be wrong. I have not tested it.

Another solution that will work is to bypass the secure boot check on Windows 11 like this:

  • Press SHIFT + F10 in the Windows installer (command prompt window should appear)
  • Create the following registry key HKLM\System\Setup\LabConfig
  • Add the following subkey: BypassSecureBootCheck of type DWORD and value 1

This can be accomplished using this command:
reg add HKLM\System\Setup\LabConfig /v BypassSecureBootCheck /t REG_DWORD /d 1

Hope that helps. Feel free to ask again if you will encounter any issues with Windows :slight_smile:

Thank you, the symlink option worked but I ran the following if anyone else is interested:

sudo ln -s OVMF_CODE_4M.secboot.fd OVMF_CODE.fd
sudo ln -s OVMF_VARS_4M.secboot.fd OVMF_VARS.fd

as it wants those file names for some reason. The VM boots and the install starts but after I select the regional settings it says that my pc does not meet the requirements for Windows 11 Pro.

The reason could be that you do not have enough RAM or your CPU is a bit older. You can add similar registry changes to bypass RAM, CPU, and, most importantly, TPM checks.

  • reg add HKLM\System\Setup\LabConfig /v BypassRAMCheck /t REG_DWORD /d 1
  • reg add HKLM\System\Setup\LabConfig /v BypassSecureBootCheck /t REG_DWORD /d 1
  • reg add HKLM\System\Setup\LabConfig /v BypassTPMCheck /t REG_DWORD /d 1
  • reg add HKLM\System\Setup\LabConfig /v BypassCPUCheck /t REG_DWORD /d 1

From my experience, even if I set Secure firmware to on in OpenNebula, I end up with secure boot disabled. You can check the secure boot state in the VM’s UEFI settings. The easiest way to get in those is to boot without any bootable media.

Thank you, @lukasfazik this worked for me after researching on the internet. Although I encountered a few other obstacles I managed to get the Windows 11 VM installed and booted with a functioning network connection (can see the internet). However, and despite being able to see the internet, I am unable to ping or RDP to VM from another computer on the network. I will state though that the networks are different in that the minionebr interface is 172.16.100.1 and the Windows pc is 192.168.151.200. I am assuming that I should renumber the networks and configure a different gateway and route on the 192.168.151.200 pc. Its been a while since I was an admin, but are there any network design guidelines for OpenNebula when I build this network in the production environment? At present its just a test case at my house.

I guess the virtual machines are behind NAT in OpenNebula, and your Windows PC is outside this NAT. I think you need to create some network in OpenNebula that will be something like a Layer 2 bridge with your NIC attached. But I am not sure since I don’t have experience with this. You can also create a second VM and test the connectivity between them.

Also, I recommend temporarily disabling the Windows firewall during testing so you can ping the Windows VM in case it does not have a Firewall exception or its network profile is set to public.