Run a Nested VM on KVM / QEMU VM in Hyper-V

Hyper-V does not expose Virtualization Extensions to Linux VMs (for nested virtualization) automatically.

However, Microsoft provides a PowerShell script to run against the Linux VM in which you want to use nested virtualization.

The PowerShell script runs a few basic Hyper-V PowerShell commands against the VM, which basically enable the exposure of virtualization extensions and MAC address spoofing, among a few other things you should do when using nested virtualization, such as disabling dynamic memory on the VM providing the nested virtualization.

Enabling Virtualization Extensions Exposure

  1. Copy the following PowerShell script to a .ps1 file on your Hyper-V 2016 hypervisor:
  2. Make sure your VM is not in a saved state.
  3. Stop or Shut down your VM if it’s running.
  4. Either on your Hyper-V hypervisor or via remote PowerShell, set the ExecutionPolicy to Bypass, then run the script:
    .\enableNestedVirt.ps1 VMName
  5. The script will ask you a few questions depending on your VM’s configuration, and will set them to the minimum recommended settings if you say yes “Y“.  I purposely created a test VM with non-optimal settings to get the script to prompt me.

  6. Now you may turn your Linux VM back on and enjoy KVM / QEMU nested virtualization!

Running the above script is a best practice unless you are experienced and are aware of the consequences of improper configuration of a VM hosting nested virtualization.

If you are comfortable, you may simple enter the PowerShell commands manually to enable the virtualization extensions exposure to the VM.  They are written below in the following section.

Disabling Virtualization Extensions Exposure

To disable the exposure of virtualization extensions of a VM running in Hyper-V 2016, you can either delete the VM and create a new one, or you may run the following PowerShell commands in an elevated PowerShell prompt:

  1. Turn off your VM.
  2. Turn off exporure of virtualization extensions:
    Set-VMProcessor -VMName <vmname> -ExposeVirtualizationExtensions $false
  3. Turn off MAC address spoofing:
    Set-VMNetworkAdapter -VMName <vmname> -MacAddressSpoofing off
  4. Now you may turn your VM back on.


Leave a Reply

Your email address will not be published. Required fields are marked *