Share this post on:

Could not open /dev/vmmon: No such file or directory. Please make sure that the kernel module `vmmon’ is loaded.

I recently needed to run a VM in VMware and bumped into this issue. After some digging, I managed to get over this with these simple steps outlined in this article.

The version of WMware Workstation I used is 17.0.2.

The background of the error

Basically, when you install VMware it might silently fail to install 2 required modules:

  • vmmon
  • vmnet

These 2 kernel modules are responsible for host to virtual machine integration to work properly, hence they are vital for VMware to work. In order to make them work, the fix requires building them from source and also signing them with a trusted certificate. This issue occurs on machines with UEFI enabled. UEFI has some protective mechanism that disallows kernel modules to be loaded unless they are from a safe trustworthy source.

I promised 3 easy steps, so let’s prove it! 😉

Step 1: Download VMware modules kernel patches from Github

It seems that Michal Kubeček has some kernel patches on his trusted Github page. We have to download the release for the right VMware version (17.0.2 in my case) and extract them into VMware modules source folder. Run these commands one by one:

$ wget https://github.com/mkubecek/vmware-host-modules/archive/refs/tags/w17.0.2.zip
$ unzip w17.0.2.zip
$ cd vmware-host-modules-w17.0.2/
$ tar -cf vmmon.tar vmmon-only && tar -cf vmnet.tar vmnet-only
$ sudo cp -v vmmon.tar vmnet.tar /usr/lib/vmware/modules/source/

Now that these sources are copied in the right location, use the following command to build them:

$ sudo vmware-modconfig --console --install-all 

You might see that starting the vmmon and vmnet services will fail, but it’s ok, that’s why we need the following 2 steps.

Step 2: Generate a self signed certificate, sign the modules and register the certificate with the system

Okay, let’s generate a certificate with a private key. We’re going to use the OpenSSL module which should be available on any Linux system:

$ openssl req -new -x509 -newkey rsa:2048 -keyout VMMON.priv -outform DER -out VMMON.der -nodes -days 36500 -subj "/CN=AFITech/"

It is not necessary to add a passphrase to the private key, if you do, make sure you remember it! Next step is to sign both kernel modules with the certificate:

$ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./VMMON.priv ./VMMON.der $(modinfo -n vmmon)
$ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./VMMON.priv ./VMMON.der $(modinfo -n vmnet)

The final command of this step which is necessary is to import the certificate into the MOK (Machine Owner Key). This is an important command, make sure you do it precisely:

$ sudo mokutil --import VMMON.der

IMPORTANT: A password prompt will ask you to supply one password and repeat it. It’s necessary to remember this password, you will need it at the next startup.

Step 3: Restart your machine and check for the magic

The last command we ran requires you to reboot your machine. The idea is that you’ll then enroll the certificate you just imported with the TPM hardware module and it requires you to enter the password you previously remembered. The screen which appears on reboot should look like this:

Unfortunately I forgot to take a picture of the first screen, this is the screen after entering the password and importing successfully but you get the idea 😀

Now after you login into your machine, do a check in the terminal for the proper initialization of both modules:

$ modinfo vmnet && modinfo vmmon

The result should look similar to this screenshot:

This proves that the modules were loaded correctly and the signer is the certificate common name that we generated in Step 2.

Now check that the VM starts correctly, you should have no more issues.

Side note: some older SSL package might be required

When I started figuring out all of these things, I tried different solutions and commands. I remember at some point the vmnet module was complaining about some SSL issue. I don’t remember when or how but I also ran these commands, which might not be necessary in your case:

$ wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.19_amd64.deb
$ sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2.19_amd64.deb

Conclusion

Well, the conclusion is pretty simple: we notice that the fantastic Linux world requires sometimes some mind boggling extra work to be done. As it is usually with life, you don’t achieve much without some elbow grease. I do hope that this guide helps you overcome this challenge if you encounter it. Don’t hesitate to contact me or drop a comment if you need some help. Any feedback is much appreciated, thanks!

Thanks for reading, I hope you found this article useful and interesting. If you have any suggestions don’t hesitate to contact me. I also invite you subscribe to my BuyMeACoffee page. Any support is greatly appreciated! Cheers  😉

Hi there 👋
It’s nice to meet you.

Sign up to receive useful content in your inbox, every month.

Spam is a waste of time, I prefer something creative! Read the privacy policy for more info.

Avatar afivan

Author: afivan

Enthusiast adventurer, software developer with a high sense of creativity, discipline and achievement. I like to travel, I like music and outdoor sports. Because I have a broken ligament, I prefer safer activities like running or biking. In a couple of years, my ambition is to become a good technical lead with entrepreneurial mindset. From a personal point of view, I’d like to establish my own family, so I’ll have lots of things to do, there’s never time to get bored 😂