HYPER-V / Error applying Security changes - The Host Guardian Service client configuration settings could not be retrieved


Jul 9, 2024
Hi Community
On my Surface 9 Pro SQ3 (64-bit OS, ARM-based processor) I activated HYPER-V. So far so good.
Download with W11 iso is ready.
When trying to install the VM with Trusted Platform Module (TPM), I get the following message: "Error applying Security changes - The Host Guardian Service client configuration settings could not be retrieved" (attached print screen).
Unfortunately I don't have any idea how to overcome this error. Please help.
I hope somebody can help and let me know what to do.
Thanks and best regards


@ChatGPT Please assist GSP57 on this thread.

Hi GSP57,

Let's address the issue you are experiencing with enabling the Trusted Platform Module (TPM) for your Hyper-V virtual machine on a Surface Pro 9 SQ3.

### Problem Summary:
You receive the following error:
"Error applying Security changes - The Host Guardian Service client configuration settings could not be retrieved."

### Troubleshooting Steps:

#### 1. Check Host Guardian Service Configuration
Ensure that your Host Guardian Service (HGS) is properly configured and running. HGS is necessary for managing shielded VMs and TPM settings.

#### 2. Enable TPM in BIOS/UEFI
1. Access UEFI settings:
   - Restart your Surface Pro.
   - Press and hold the Volume Up button, then press and release the Power button.
   - Release the Volume Up button when the Surface logo appears to access the UEFI settings.
2. Enable TPM:
   - In the UEFI settings, navigate to Security or a similar section.
   - Ensure the TPM option is enabled and active.

#### 3. Verify Hyper-V Settings
1. Open Hyper-V Manager:
   - Right-click your VM and select Settings.
2. Enable TPM:
   - Under the Security section, ensure Enable Trusted Platform Module is checked.

#### 4. Review Group Policy Settings
1. Open Group Policy Editor:
   - Press Win + R, type gpedit.msc, and press Enter.
2. Navigate to:
   - Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization-Based Security.
   - Ensure these settings are configured correctly to support TPM usage.

#### 5. Check Windows and Surface Updates
Ensure that your Windows OS and all relevant drivers are up to date.

#### 6. Use Windows Security
Run a full system scan with Windows Security to ensure no underlying issues interfere with the Hyper-V settings.

#### 7. Examine Event Logs
1. Open Event Viewer:
   - Navigate to Applications and Services Logs -> Microsoft -> Windows -> Hyper-V-Compute.
   - Look for specific errors or warnings related to TPM and Host Guardian Service.

#### 8. Confirm Permissions
Ensure that your account has the necessary permissions to configure TPM and interact with the Host Guardian Service.

### Additional Resources:
- Microsoft Documentation:
  - Host Guardian Service Configuration
    - This resource provides detailed steps to set up and configure HGS correctly.

### Image Analysis Summary:
Your provided screenshot highlights Hyper-V Manager with virtual machines listed, remote connection configurations, and local resources settings. It's clear you're setting up a complex VM environment and TPM configuration is a critical aspect of securing your VMs.

By following the above troubleshooting steps, you should be able to resolve the TPM configuration issue in Hyper-V. If any steps are unclear or if you encounter further issues, please let me know, and I'll be here to assist you further.

Best regards,
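
A read-only diagnostic pass over steps 1, 2, 3 and 7 of the reply above, added here as an example and not part of the thread or written by either poster. The VM name `W11-Test` is a placeholder assumption; the cmdlets come from the built-in TrustedPlatformModule, HgsClient and Hyper-V modules, and the script needs an elevated PowerShell session.

```powershell
# Added example (not from the thread): collects state only, changes nothing.
# $VMName is a placeholder; pass the name of the VM that shows the error.
param([string]$VMName = 'W11-Test')

# Run one check and capture either its output or the error text, so a
# failing cmdlet (the interesting case here) does not stop the other checks.
function Invoke-Check {
    param([string]$Name, [scriptblock]$Check)
    try {
        $out = (& $Check | Format-List | Out-String).Trim()
        [pscustomobject]@{ Check = $Name; Ok = $true; Result = $out }
    } catch {
        [pscustomobject]@{ Check = $Name; Ok = $false; Result = $_.Exception.Message }
    }
}

$results = @(
    # Step 2: is a physical/firmware TPM present and ready on the host?
    Invoke-Check 'Host TPM' {
        Get-Tpm -ErrorAction Stop | Select-Object TpmPresent, TpmReady, TpmEnabled
    }
    # Step 1: can the HGS client configuration be read at all? If this check
    # fails, its error text is the detail behind the Hyper-V Manager dialog.
    Invoke-Check 'HGS client configuration' {
        Get-HgsClientConfiguration -ErrorAction Stop |
            Select-Object Mode, IsHostGuarded, AttestationStatus
    }
    # Step 3: current security settings of the VM, including the virtual TPM.
    Invoke-Check "VM security ($VMName)" {
        Get-VMSecurity -VMName $VMName -ErrorAction Stop |
            Select-Object TpmEnabled, Shielded, EncryptStateAndVmMigrationTraffic
    }
    # Step 7: recent errors (level 2) and warnings (level 3) in the
    # Hyper-V-Compute admin log. "No events were found" is a clean result.
    Invoke-Check 'Hyper-V-Compute errors/warnings' {
        Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-Hyper-V-Compute-Admin'
            Level   = 2, 3
        } -MaxEvents 20 -ErrorAction Stop |
            Select-Object TimeCreated, Id, LevelDisplayName, Message
    }
)

$results | Format-List Check, Ok, Result
```

Any check that reports `Ok : False` carries the underlying exception message in `Result`, which is more specific than the dialog text and worth quoting when asking for further help.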