Could not open /dev/vmmon: No such file or directory. Please make sure that the kernel module `vmmon’ is loaded.
I recently needed to run a VM in VMware and bumped into this issue. After some digging, I managed to get over this with these simple steps outlined in this article.
Update 1st December 2023
The version of WMware Workstation I used originally in this article is 17.0.2. Now I was configuring VMware Player 17.5.0 on a new machine and I had some issues with the host modules. It seems the right version is necessary depending on what VMware you have. I have updated the commands below accordingly.
The background of the error
Basically, when you install VMware it might silently fail to install 2 required modules:
These 2 kernel modules are responsible for host to virtual machine integration to work properly, hence they are vital for VMware to work. In order to make them work, the fix requires building them from source and also signing them with a trusted certificate. This issue occurs on machines with UEFI enabled. UEFI has some protective mechanism that disallows kernel modules to be loaded unless they are from a safe trustworthy source.
I promised 3 easy steps, so let’s prove it! 😉
Step 1: Download VMware modules kernel patches from Github
It seems that Michal Kubeček has some kernel patches on his trusted Github page. We have to download the release for the right VMware version (17.0.2 in my case) and extract them into VMware modules source folder. Run these commands one by one:
$ wget https://github.com/mkubecek/vmware-host-modules/archive/refs/heads/workstation-17.5.0.zip
$ unzip workstation-17.5.0.zip
$ cd vmware-host-modules-workstation-17.5.0
$ tar -cf vmmon.tar vmmon-only && tar -cf vmnet.tar vmnet-only
$ sudo cp -v vmmon.tar vmnet.tar /usr/lib/vmware/modules/source/
Now that these sources are copied in the right location, use the following command to build them:
$ sudo vmware-modconfig --console --install-all
You might see that starting the vmmon and vmnet services will fail, but it’s ok, that’s why we need the following 2 steps.
Step 2: Generate a self signed certificate, sign the modules and register the certificate with the system
Okay, let’s generate a certificate with a private key. We’re going to use the OpenSSL module which should be available on any Linux system:
$ openssl req -new -x509 -newkey rsa:2048 -keyout VMMON.priv -outform DER -out VMMON.der -nodes -days 36500 -subj "/CN=AFITech/"
It is not necessary to add a passphrase to the private key, if you do, make sure you remember it! Next step is to sign both kernel modules with the certificate:
$ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./VMMON.priv ./VMMON.der $(modinfo -n vmmon)
$ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./VMMON.priv ./VMMON.der $(modinfo -n vmnet)
The final command of this step which is necessary is to import the certificate into the MOK (Machine Owner Key). This is an important command, make sure you do it precisely:
$ sudo mokutil --import VMMON.der
IMPORTANT: A password prompt will ask you to supply one password and repeat it. It’s necessary to remember this password, you will need it at the next startup.
Step 3: Restart your machine and check for the magic
The last command we ran requires you to reboot your machine. The idea is that you’ll then enroll the certificate you just imported with the TPM hardware module and it requires you to enter the password you previously remembered. The screen which appears on reboot should look like this:
Unfortunately I forgot to take a picture of the first screen, this is the screen after entering the password and importing successfully but you get the idea 😀
Now after you login into your machine, do a check in the terminal for the proper initialization of both modules:
$ modinfo vmnet && modinfo vmmon
The result should look similar to this screenshot:
This proves that the modules were loaded correctly and the signer is the certificate common name that we generated in Step 2.
Now check that the VM starts correctly, you should have no more issues.
Side note: some older SSL package might be required
When I started figuring out all of these things, I tried different solutions and commands. I remember at some point the vmnet module was complaining about some SSL issue. I don’t remember when or how but I also ran these commands, which might not be necessary in your case:
$ wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.19_amd64.deb
$ sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2.19_amd64.deb
Well, the conclusion is pretty simple: we notice that the fantastic Linux world requires sometimes some mind boggling extra work to be done. As it is usually with life, you don’t achieve much without some elbow grease. I do hope that this guide helps you overcome this challenge if you encounter it. Don’t hesitate to contact me or drop a comment if you need some help. Any feedback is much appreciated, thanks!
Thanks for reading, I hope you found this article useful and interesting. If you have any suggestions don’t hesitate to contact me. If you found my content useful please consider a small donation. Any support is greatly appreciated! Cheers 😉