Hyper-V on Windows 10 Anniversary Update Host - WS2016 TP5 Guest Image Hash Issue #130

ryanspletzer opened this Issue Aug 8, 2016 · 13 comments


None yet

6 participants


I recently updated my home machine where I run my lab to Windows 10 Anniversary Update. I went to try out creating my lab fresh in Lability again, and I noticed that Hyper-V did not like the image hash of WS2016 TP5 image (Id: 2016TP5_x64_Standard_EN) on first boot when I recreated the lab. It tries to do a PXE network boot via IPv4, then it comes up to a screen with a message that list the boot order and next to the SCSI disk (which is listed first) it has a message "The image's hash was denied (DBX)." (I made sure to use freshly downloaded ISO's and hotfixes and everything.)

Even if I turn off secure boot, I get a different error message from the boot window: "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem: 1. Insert your Windows installation disc and restart your computer. 2. Choose your language settings, then click 'Next.' 3. Click 'Repair your computer.'"

WS 2012 R2 and latest W10 media appear to still be totally fine, it was just WS2016 TP5 that had this issue. (Didn't try TP4.) Also I assume Windows 8.1 is probably fine, too.

Curious if anyone else ran into this issue with the latest W10 Anniversary Update on their host machine, and WS 2016 TP5 as a guest? (Btw this issue was present before I added / tried out change in #129 PR which adds June 28, 2016 CU to WS 2016 TP5 media hotfixes. Adding that had no effect.)


FYI, I found this link below. Apparently it is a known issue, specifically with TP5, in a Gen 2 VM, on Windows Anniversary Update host. Wow... Super specific problem. D:


It seems like they're going to fix it at some point, but if you're using Lability and desperately want TP5 in Hyper-V you might want to hold off on Anniversary Update for your host just a little bit longer...


I ran into the same issue recently, and chose the workaround to use Gen 1 VMs for TP5 VMs.

janegilring commented Aug 12, 2016 edited

I haven't tested myself, but there is a workaround for the issue in this KB.


Gonna try this out, I had disabled secure boot, but I didn't change the template to Microsoft UEFI Certificate Authority.


Tried that workaround out and it totally works. I'll keep this issue open just for people's awareness, once MSFT fixes it / has new real media for WS 2016 eval which doesn't have the issue I'll close it out.


@ryanspletzer I'm not sure we will be seeing a TP6 of Server 2016 however you can in the nodedata add a SecureBoot = $false statement like so

            NodeName = 'DC-TP5';
            IPAddress = '';
            DnsServerAddress = '';
            Role = 'DC';
            SecureBoot = $false
            Lability_ProcessorCount = 2;

You would then need to run Start-LabConfiguration and then afterwards run this

Get-VM ( Get-LabVM -ConfigurationData configdata.psd1 ).Name -OutVariable vm
Set-VMFirmware -VM $vm -EnableSecureBoot Off -SecureBootTemplate MicrosoftUEFICertificateAuthority

only tested this with 1 vm for now though in therory it should work for multiple vms


I can confirm the issue still exists with 2016 RTM on Win 10 Anniversary


@theJasonHelmick Bummer, is that even with new RTM WS 2016 eval media?


Well, Iโ€™m getting mixed reports form people testing it โ€” I may be wrong, but Iโ€™ve had a few and I need to do some testing. I have a project for Pluralsight authors and students based on Lability here:
https://github.com/theJasonHelmick/PS-AutoLab-Env https://github.com/theJasonHelmick/PS-AutoLab-Env

and in the current release I jsut disabled the secure boot until I get a chance to test it again. The configs and setup on our project is using the new media.json โ€” so its easy enough to test. Iโ€™ll post back.

Jason Helmick
Author/Evangelist | Pluralsight
www.pluralsight.com http://www.pluralsight.com/

On Oct 11, 2016, at 3:21 PM, Ryan Spletzer notifications@github.com wrote:

@theJasonHelmick https://github.com/theJasonHelmick Bummer, is that even with new RTM WS 2016 eval media?

You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub #130 (comment), or mute the thread https://github.com/notifications/unsubscribe-auth/AME2BuoeHoIYVD9ZWStXd7dXDEoWFMIZks5qzAvsgaJpZM4Jeraa.


@theJasonHelmick @ryanspletzer I did see a similar issue deploying Nano Server TP5 on Server 2016 TP5. It wasn't there with TP4, but it was with TP5 - it might just be coincidence though!

Unfortunately I never got around to investigating it and I have not seen it with the RTM bits running on TP5 or Win10 1607. Therefore, it might be a completely different issue.

Do you have any way to reliably recreate this issue? If so are you using the evaluation media or your own VHD/WIM files?


The only time I've seen this issue it was due to a corrupt parent VHDX.


This issue seems to have disappeared. Latest Windows 10 build host + 2016 Eval bits seem to work just fine. Recommend closing.


@theJasonHelmick have you seen this issue with the RTM media? If not, I guess we can close?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment