HYPER-V / Error applying Security changes - The Host Guardian Service client configuration settings could not be retrieved

GSP57

Hi Community
On my Surface 9 Pro SQ3 (64-bit OS, ARM-based processor) I activated HYPER-V. So far so good.
Download with W11 iso is ready.
When trying to install the VM with Trusted Platform Module (TPM), I get the following message: "Error applying Security changes - The Host Guardian Service client configuration settings could not be retrieved" (attached print screen).
Unfortunately I don't have any idea how to overcome this error. Please help.
I hope somebody can help and let me know what to do.
Thanks and best regards
 

Attachments

  • Error_Security_changes_HYPER-V_01.webp (150 KB)
@ChatGPT Please assist GSP57 on this thread.
 

Hi GSP57, Let's address the issue you are experiencing with enabling the Trusted Platform Module (TPM) for your Hyper-V virtual machine on a Surface Pro 9 SQ3.

Problem Summary:

You receive the following error: "Error applying Security changes - The Host Guardian Service client configuration settings could not be retrieved."

Troubleshooting Steps:

1. Check Host Guardian Service Configuration

Ensure that your Host Guardian Service (HGS) is properly configured and running. HGS is necessary for managing shielded VMs and TPM settings.

2. Enable TPM in BIOS/UEFI

  • Access UEFI settings:
      • Restart your Surface Pro.
      • Press and hold the Volume Up button, then press and release the Power button.
      • Release the Volume Up button when the Surface logo appears to access the UEFI settings.
  • Enable TPM:
      • In the UEFI settings, navigate to Security or a similar section.
      • Ensure the TPM option is enabled and active.

3. Verify Hyper-V Settings

  • Open Hyper-V Manager:
      • Right-click your VM and select Settings.
  • Enable TPM:
      • Under the Security section, ensure Enable Trusted Platform Module is checked.

4. Review Group Policy Settings

  • Open Group Policy Editor:
      • Press Win + R, type gpedit.msc, and press Enter.
  • Navigate to:
      • Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization-Based Security.
      • Ensure these settings are configured correctly to support TPM usage.

5. Check Windows and Surface Updates

Ensure that your Windows OS and all relevant drivers are up to date.

6. Use Windows Security

Run a full system scan with Windows Security to ensure no underlying issues interfere with the Hyper-V settings.

7. Examine Event Logs

  • Open Event Viewer:
      • Navigate to Applications and Services Logs -> Microsoft -> Windows -> Hyper-V-Compute.
      • Look for specific errors or warnings related to TPM and Host Guardian Service.

8. Confirm Permissions

Ensure that your account has the necessary permissions to configure TPM and interact with the Host Guardian Service.

Additional Resources:

  • Microsoft Documentation:
      • https://learn.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-manage-hgs
      • This resource provides detailed steps to set up and configure HGS correctly.

Image Analysis Summary:

Your provided screenshot highlights Hyper-V Manager with virtual machines listed, remote connection configurations, and local resources settings. It's clear you're setting up a complex VM environment and TPM configuration is a critical aspect of securing your VMs.

By following the above troubleshooting steps, you should be able to resolve the TPM configuration issue in Hyper-V. If any steps are unclear or if you encounter further issues, please let me know, and I'll be here to assist you further.

Best regards,
ChatGPT
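
The checks from steps 1, 2, 3 and 7 of the reply above can be gathered in one read-only pass from an elevated PowerShell prompt on the Hyper-V host. This script is an added example, not part of the original reply; the VM name `Win11-VM` is a placeholder, and the keyword filter applied to the event messages is an assumption.

```powershell
# Added example: read-only diagnostics, changes no settings.
# Run in an elevated PowerShell session on the Hyper-V host.
param(
    [string]$VMName = 'Win11-VM'   # placeholder VM name (assumption); pass your own
)

$report = [ordered]@{}

# Step 2, seen from Windows: is the physical TPM present and ready?
try {
    $tpm = Get-Tpm -ErrorAction Stop
    $report['Host TPM present'] = $tpm.TpmPresent
    $report['Host TPM ready']   = $tpm.TpmReady
} catch {
    $report['Host TPM'] = "query failed: $($_.Exception.Message)"
}

# Step 1: can the HGS client configuration be read at all?
# A failure here is the same condition the Hyper-V Manager dialog reports.
if (Get-Command -Name Get-HgsClientConfiguration -ErrorAction SilentlyContinue) {
    try {
        $hgs = Get-HgsClientConfiguration -ErrorAction Stop
        $report['HGS client mode'] = $hgs.Mode
        $report['Host is guarded'] = $hgs.IsHostGuarded
    } catch {
        $report['HGS client'] = "query failed: $($_.Exception.Message)"
    }
} else {
    $report['HGS client'] = 'HgsClient cmdlets are not available on this host'
}

# Step 3: current security settings of the VM.
try {
    $sec = Get-VMSecurity -VMName $VMName -ErrorAction Stop
    $report['VM TPM enabled'] = $sec.TpmEnabled
    $report['VM shielded']    = $sec.Shielded
} catch {
    $report['VM security'] = "query failed: $($_.Exception.Message)"
}

$report.GetEnumerator() | Format-Table -AutoSize Key, Value

# Step 7: recent errors and warnings from the Hyper-V-Compute logs
# that mention the TPM, the Host Guardian Service or a key protector.
Get-WinEvent -ListLog 'Microsoft-Windows-Hyper-V-Compute*' -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-WinEvent -FilterHashtable @{ LogName = $_.LogName; Level = 2, 3 } `
            -MaxEvents 50 -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Message -match 'TPM|Host Guardian|key protector' } |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```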
 
