After spending entirely too long on this particular problem I found a solution. I too was having problems getting nested virtualization working on my Windows Server 2019 VM Guest. After installing HyperV my VM would no longer boot up.
In this particular situation I'm running Linux with KVM/Qemu as my L0 hypervisor, and run a Windows Server 2019 VM that I need to run docker on. One of our clients has a set of PowerShell scripts that they use to set up the docker dev environment (very Windows-centric which I strongly dislike).
Firstly, I did confirm that my `kvm-intel` kernel module had nested virtualization support enabled:

```
cat /sys/module/kvm_intel/parameters/nested
```

So that wasn't the issue, but it's worth mentioning that this is required to support nested virtualization for KVM/Qemu setups.
The actual solution was to change my CPU configuration in Virt Manager from (the default)

```xml
<cpu mode="host-model" check="partial"/>
```

To:

```xml
<cpu mode="custom" match="exact" check="partial">
  <model fallback="allow">Skylake-Client-noTSX-IBRS</model>
  <feature policy="disable" name="hypervisor"/>
  <feature policy="require" name="vmx"/>
</cpu>
```

Which forces my CPU model to be `Skylake-Client-noTSX-IBRS` instead of `Skylake-Client-IBRS` (which was the default). For some reason TSX caused serious problems for me.

`<feature policy="disable" name="hypervisor" />` makes Windows "think" it's not running as a VM.

`<feature policy="require" name="vmx" />` forces the `vmx` CPU feature, allowing the Windows Server 2019 VM to itself be able to run other VMs.

If you look at your Windows task manager (from within the VM), you'll see that Windows believes the processors are bare metal processors (as opposed to virtual processors) while simultaneously having virtualization support. At this point I could install Docker for Windows and begin working with it. The setup was:
- L0: Linux (KVM/Qemu)
- L1: Windows Server 2019 (HyperV)
- L2: Docker
I hope this helps other people running into problems with Nested Virtualization on Windows Guests running in KVM. It's admittedly an edge case, but I could see others running into the same challenges.
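
Added example, not part of the original answer: a standard-library Python check that compares a libvirt domain's `<cpu>` block against the configuration described above and reads the `kvm_intel` `nested` parameter. The function names are hypothetical, and the sample XML is constructed from the two `<cpu>` definitions quoted in the answer.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample inputs: the two <cpu> definitions quoted in the answer,
# wrapped in a minimal <domain> element.
DEFAULT_XML = '<domain type="kvm"><cpu mode="host-model" check="partial"/></domain>'
FIXED_XML = """<domain type="kvm">
  <cpu mode="custom" match="exact" check="partial">
    <model fallback="allow">Skylake-Client-noTSX-IBRS</model>
    <feature policy="disable" name="hypervisor"/>
    <feature policy="require" name="vmx"/>
  </cpu>
</domain>"""

def host_nested_enabled(param="/sys/module/kvm_intel/parameters/nested"):
    """True if the kvm_intel module reports nested support ("Y" or "1")."""
    p = Path(param)
    return p.is_file() and p.read_text().strip() in ("Y", "1")

def audit_cpu(domain_xml):
    """Return a list of differences from the <cpu> block in the answer."""
    cpu = ET.fromstring(domain_xml).find("cpu")
    if cpu is None:
        return ["no <cpu> element"]
    findings = []
    if cpu.get("mode") != "custom":
        findings.append(f"cpu mode is {cpu.get('mode')!r}, not 'custom'")
    model = (cpu.findtext("model") or "").strip()
    if model and "noTSX" not in model:
        # The answer reports boot problems with the TSX-enabled model.
        findings.append(f"model {model!r} is not a noTSX variant")
    policies = {f.get("name"): f.get("policy") for f in cpu.findall("feature")}
    if policies.get("vmx") != "require":
        findings.append("vmx is not required")
    if policies.get("hypervisor") != "disable":
        findings.append("hypervisor flag is not disabled")
    return findings

if __name__ == "__main__":
    print("host nested:", host_nested_enabled())
    for name, xml in (("default", DEFAULT_XML), ("fixed", FIXED_XML)):
        print(name, audit_cpu(xml) or "matches the answer's configuration")
```

On a real host, pass the output of `virsh dumpxml` for the guest to `audit_cpu` instead of the constructed samples.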
`systeminfo`. At the end will be about five lines of "Hyper-V" related information. Paste that section into your question.