Separate names with a comma.
Discussion in 'Windows Guest OS Discussion' started by fpmalard, Aug 10, 2022.
Just wanted to say that the fix GlennS5 posted worked for me.
I'm running Parallels 17.x, and originally created the VM as the UEFI version.
The purpose of taking the snapshot is precautionary, advised by the Parallels app at time of removing the TPM in the VM's configuration.
After applying the KB5012170 update, shutting down, re-adding the TPM, and rebooting the VM to confirm function, I deleted the precautionary snapshot (as it was taking up 3 GB on my SSD). Subsequent reboots of the VM are working fine for me in the "current state" with no saved snapshots.
Just an FYI - I had another update today (8/12/22) for "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.219.0)" that failed...
I tried the same approach that GlennS5 noted above re: taking a precautionary snapshot, removing the TPM from the VM's Configuration > Hardwware settings, applying the update, then re-creating the TPM, and then deleting the precautionary snapshot - and it worked for this update as well.
I hope this isn't the start of a trend related to Security & Defender updates, as this will get real old real fast if occurring on a daily basis.
Another FYI - I didn't notice a degradation in performance when I removed the TPM and ran the Windows 11 VM Guest in Parallels Desktop Pro 17.x
Q: How crucial is having the TPM enabled, what functions require its presence? Aside from BitLocker, what doesn't work without it?
Do many people BitLocker their VM's? I BitLocker physical PC's in case they're stolen, but a VM on a MacBook Pro with a T2 chip seems a bit redundant, (which is why I don't do it). Perhaps there are are security issues I'm overlooking... I essentially use my Win11 VM as a "specimen" with Microsoft apps installed so that I can reference and test with it.
When I created the Win11 VM, it seemed the TPM was a pre-requisite for Windows 11 installation & the Secure Boot requirements. Do people disable the TPM/Secure Boot afterward (on physical PC's or VM's) for any reason?
These seem to be coming through daily without problems on my Intel Mac.
I am having the same issue here. Glad to see that I am not alone.
Getting KB5012170 failed on the Win11 VM on my '12 MBP, v16 Parallels. VM has the TPM as it was imported from my '19 MBP with v17 Parallels. I haven't looked at the newer MBP to see if I'm getting it there.
I had the same problem. The solution that GlennS5 proposed worked great (thanks, GlennS5!), and only took a couple of minutes (I'm on a 2018 MacBook Pro running Ventura)
Bleepingcomputer.com has an intersting report that KB5012170 is causing boot issues on actual PCs
Parallels 16 do not fully support Windows 11 since Windows 11 require TPM 2.0 which Parallels supported starting with version 17 if I remember correctly. Seems like Windows 11 work fine without TPM 2.0 after the installation is done even if some features might not work. There is also an option to make Windows 11 bypass the TPM check during installation to install on none supported hardware. Not sure if removing the TPM will work in your case using Parallels 16. Windows 11 and the requirements is pretty much a pain I think.
@paralles Is there any official statement available? Looks like Version 18.0.0 (53049) needs an update to fix the current behavior.
Per Parallels Support:
Hello, Kindly refer to the below steps to fix the issue.
1. Run the Virtual Machine.
2. Create a snapshot (In the top menu, click Actions > Take Snapshot).
3. Shut down the Virtual Machine. Make sure that the virtual machine is shut down. If it is in a suspended state, please run it and then shut down (Actions > Shut Down).
4. Open the Virtual Machine's Configuration (https://kb.parallels.com/117287) > Hardware > then select TPM click (click the lock to prevent further changes) and then click on "-" to delete TPM chip.
6. Click "Remove".
7. Run the Virtual Machine.
8. Try to update Windows.
7. If the update is installed:
7.1 Restart the Virtual Machine.
7.2 Shut down the Virtual Machine. Make sure that the virtual machine is shut down. If it is in a suspended state, please run it and then shut down (Actions > Shut Down).
7.3 Open the Virtual Machine's Configuration (https://kb.parallels.com/117287) > Hardware > then click "+" > TPM to add a new TPM chip.
7.4 Press "Add".
7.5 TPM chip will be added to your Virtual Machine.
7.6 Run the Virtual Machine.
Reminder that the safest approach is to temporarily hide the update using wushowhide: https://download.microsoft.com/down...9cd-4275-8c95-1be17bf70b21/wushowhide.diagcab
Just remember to unhide when fixed in a Parallels update.
Tried this a few days ago. No obvious effect, the update was not installed. Since then, the update has not appeared. Tried again today, twice. Update appeared and failed to install, usual Install error - 0x800f0922. As daily Definition Updates are being installed, is there any need to persist?
No. @Asish@Parallels is only echoing what seemed to work for a few other users and I doubt has looked at the other posts regarding this issue, nor did any investigation as to the safety of doing it.
The stated procedure is only a temporary, immediate fix until new, similar security updates are pushed. Then you have to do it all over again, and keep doing it until the UEFI BIOS/certification is finally updated in Parallels or Microsoft fixes the updates such that it is no longer be required. Only at that time will an update work on it's own.
I should add that to keep doing this also puts you at an increased risk of corrupting the integrity of the VM. Not worth the risk, IMO. The only viable and realistic alternative is to do what @MikeyH suggests above: Tell Windows to ignore these updates until they are known to work, then safely unhide it so it can be applied.
KB5012170 installed with no issuies on ARM based MacBook Pro.
And no problem on ARM based MacBook Air.
On Windows 10 (Virtual Machine) in Parallels 18 on Mac (Monterey) I can confirm that:
1. Even though I do not have a TPM or Parallels vTPM installed, Microsoft / Windows Update insists on trying to install KB5012170.
2. It fails each time with error 0x800f0922
3. I did not want to install a vTPM just to allow an update i don't need
4. MikeyH's link above, for the Windows Show/Hide Update tool, does work to hide any update.
5. The tool used to be available in earlier versions of Windows but has been impossible to find. Apparently the baby got thrown out with the bathwater when they stopped signing older software, and this tool was requested by someone to be resigned, and is now available again. Here is another link:
Happy to report that since my 8/12/22 post (after following GlennS5's advice) I haven't needed to disable my virtual TPM to do any updates. At least I now have a strategy for this type of error going forward.