How to Set Up Windows Server 2016 Hyper-V Generation 2 VMs
Hyper-V supports two types of virtual machines: Generation 1 and Generation 2. Generation 2 virtual machines, introduced in Windows Server 2012 R2 and enhanced in Windows Server 2016, provide a modern UEFI-based firmware environment, Secure Boot support, faster boot times, and compatibility with the latest hardware features. Understanding when and how to use Generation 2 VMs is an important part of managing a modern Hyper-V environment. This tutorial walks through creating Generation 2 VMs, configuring Secure Boot, and understanding the key differences from Generation 1.
Generation 1 vs Generation 2: Key Differences
Generation 1 virtual machines use a legacy BIOS (SeaBIOS) and emulated hardware including an IDE controller, an emulated network adapter, and a PS/2 keyboard and mouse. They support a wide range of operating systems including older Windows versions and most Linux distributions.
Generation 2 virtual machines replace the legacy BIOS with UEFI firmware. They remove the IDE controller entirely in favour of SCSI only. They include a synthetic network adapter (not emulated), which provides better performance and supports PXE boot. They support Secure Boot, which prevents unauthorised boot loaders from loading. They support VHDX files only (not VHD). Supported operating systems are limited to Windows Server 2012 and later, Windows 8 and later, and a range of 64-bit Linux distributions. Generation cannot be changed after VM creation.
Step 1: Create a Generation 2 VM Using Hyper-V Manager
Open Hyper-V Manager on Windows Server 2016. In the Actions pane, click New and then Virtual Machine. The New Virtual Machine Wizard opens. Click Next on the Before You Begin page. Enter a name and optionally specify a custom storage location, then click Next.
On the Specify Generation page, select Generation 2 and click Next. This is the critical selection; once you click Finish it cannot be changed. Assign startup memory (at least 512 MB for core server, 2 GB recommended for most workloads). Decide whether to use Dynamic Memory and click Next.
Configure networking by selecting a virtual switch, then click Next. Create or attach a virtual hard disk (VHDX). Specify the installation media (ISO or network PXE) and click Next, then Finish.
Step 2: Create a Generation 2 VM Using PowerShell
Creating a Generation 2 VM with PowerShell offers more control and is easily scriptable for bulk provisioning:
New-VM -Name "Gen2-WebServer" -Generation 2 -MemoryStartupBytes 2GB -Path "D:Hyper-VVMs" -NewVHDPath "D:Hyper-VVHDsGen2-WebServer.vhdx" -NewVHDSizeBytes 60GB -SwitchName "ExternalSwitch"Set CPU count and enable dynamic memory:
Set-VMProcessor -VMName "Gen2-WebServer" -Count 2
Set-VMMemory -VMName "Gen2-WebServer" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 4GB -StartupBytes 2GBStep 3: Configure Secure Boot
Generation 2 VMs have Secure Boot enabled by default using the Microsoft Windows template. If you are installing a Linux guest, you must change the Secure Boot template to the Microsoft UEFI Certificate Authority template, otherwise the Linux boot loader will be blocked.
To verify the current Secure Boot settings:
Get-VMFirmware -VMName "Gen2-WebServer" | Select-Object SecureBoot, SecureBootTemplateTo disable Secure Boot (not recommended for production Windows VMs but sometimes needed for certain Linux distros):
Set-VMFirmware -VMName "Gen2-WebServer" -EnableSecureBoot OffTo set the Linux-compatible Secure Boot template:
Set-VMFirmware -VMName "Gen2-WebServer" -SecureBootTemplate "MicrosoftUEFICertificateAuthority"Step 4: Configure Boot Order
Generation 2 VMs use a UEFI boot manager that can be configured with a specific boot order. This is useful if you want to boot from the network (PXE) for OS deployment. To view the current boot order:
Get-VMFirmware -VMName "Gen2-WebServer" | Select-Object -ExpandProperty BootOrderTo set a custom boot order (for example, prioritise the DVD drive for OS installation):
$dvd = Get-VMDvdDrive -VMName "Gen2-WebServer"
$hdd = Get-VMHardDiskDrive -VMName "Gen2-WebServer"
Set-VMFirmware -VMName "Gen2-WebServer" -BootOrder $dvd, $hddStep 5: Attach an ISO for OS Installation
Attach an installation ISO to the DVD drive of the Generation 2 VM:
Add-VMDvdDrive -VMName "Gen2-WebServer" -Path "D:ISOWindowsServer2016.iso"Step 6: Start the VM and Install the Operating System
Start the VM and connect via Virtual Machine Connection (VMConnect):
Start-VM -VMName "Gen2-WebServer"
VMConnect.exe localhost "Gen2-WebServer"Press any key to boot from the DVD when prompted. The UEFI firmware will load the Windows boot manager from the ISO and begin setup. Complete the Windows Server installation as normal.
Step 7: Enable Enhanced Session Mode
Generation 2 VMs fully support Hyper-V Enhanced Session Mode, which provides clipboard integration, drive redirection, and better display resolution through the VMConnect console. Enhanced Session requires the VM’s guest OS to have Remote Desktop Services configured. Enable Enhanced Session at the host level:
Set-VMHost -EnableEnhancedSessionMode $trueStep 8: Convert a Generation 1 VM to Generation 2
There is no direct in-place conversion path from Generation 1 to Generation 2. The recommended approach is to create a new Generation 2 VM, then migrate the workload. If you need to migrate a disk, convert the VHD to VHDX and attach it to a new Generation 2 VM, then repair the boot configuration:
Convert-VHD -Path "D:OldVMdisk.vhd" -DestinationPath "D:NewVMdisk.vhdx" -VHDType Dynamic
New-VM -Name "Migrated-Gen2" -Generation 2 -VHDPath "D:NewVMdisk.vhdx" -SwitchName "ExternalSwitch"After attaching the migrated disk, boot from a Windows Server 2016 ISO in repair mode and use bcdboot or bootrec to repair the UEFI boot record if needed.
Benefits Summary
Generation 2 VMs in Windows Server 2016 deliver faster boot and setup times due to UEFI replacing legacy BIOS POST. They support PXE boot via the synthetic network adapter without needing a legacy network adapter. Secure Boot prevents rootkit and bootkit attacks. VHDX disks support features such as online resizing, improved resilience, and larger capacity up to 64 TB. The absence of emulated hardware reduces attack surface and improves performance. For any new Windows Server 2016 or Windows 10 guest workload, Generation 2 should be the default choice.
