How to Configure Hyper-V Generation 2 VMs on Windows Server 2012 R2
Windows Server 2012 R2 introduced Generation 2 virtual machines as a significant advancement over the legacy Generation 1 VM architecture. Generation 2 VMs use a modern firmware model based on UEFI, support Secure Boot, replace IDE and legacy network adapters with purely synthetic devices, and offer faster boot times. This guide explains the differences between Generation 1 and Generation 2, how to create and configure Gen2 VMs, and how to work around common compatibility issues.
Generation 1 vs Generation 2: Key Differences
Understanding the fundamental architectural differences helps you choose the right generation for each workload:
- Firmware: Gen1 uses a legacy BIOS emulation; Gen2 uses UEFI with Secure Boot support
- Boot devices: Gen1 can PXE boot from legacy network adapters; Gen2 PXE boots via the synthetic network adapter using IPv4 or IPv6
- Storage controllers: Gen1 supports IDE and SCSI; Gen2 uses only SCSI (no IDE controller emulation)
- Network adapters: Gen1 includes an emulated legacy NIC and synthetic NICs; Gen2 uses only synthetic NICs (requires Integration Services or a Gen2-capable OS)
- OS support: Gen2 requires a 64-bit guest OS — specifically Windows 8/Server 2012 or later, or specific 64-bit Linux distributions with UEFI support
- Performance: Gen2 VMs typically boot faster and have reduced I/O overhead because they eliminate the legacy hardware emulation layer
Prerequisites
- Windows Server 2012 R2 Hyper-V host
- A 64-bit guest OS ISO that supports UEFI boot (Windows Server 2012/2012 R2, Windows 8/8.1, or compatible Linux)
- Hyper-V Manager or PowerShell with the Hyper-V module
Step 1 — Create a Generation 2 VM
When creating a VM in Hyper-V Manager, on the Specify Generation page, select Generation 2. Via PowerShell:
New-VM -Name "WebServer-Gen2" -Generation 2 -MemoryStartupBytes 4GB -SwitchName "ExternalSwitch" -NewVHDPath "D:VMsWebServer-Gen2.vhdx" -NewVHDSizeBytes 80GB -Path "D:VMsWebServer-Gen2"Note: The -Generation parameter cannot be changed after the VM is created. If you need to change from Gen1 to Gen2 or vice versa, you must create a new VM.
Step 2 — Configure UEFI Secure Boot
By default, Secure Boot is enabled on Generation 2 VMs. Secure Boot prevents unauthorised boot loaders from loading. For Windows guests, the default Microsoft Secure Boot template works correctly. For Linux guests, you may need to change the Secure Boot template or disable Secure Boot:
# Check current Secure Boot settings:
Get-VMFirmware -VMName "WebServer-Gen2"
# Change Secure Boot template for Linux (Ubuntu, SUSE):
Set-VMFirmware -VMName "WebServer-Gen2" -SecureBootTemplate MicrosoftUEFICertificateAuthority
# Disable Secure Boot entirely (not recommended for production):
Set-VMFirmware -VMName "WebServer-Gen2" -EnableSecureBoot OffStep 3 — Configure the Boot Order
Generation 2 VMs use a UEFI-based boot order. When installing an OS from DVD, ensure the DVD drive is first in the boot order:
# Add a DVD drive to the VM for OS installation:
Add-VMDvdDrive -VMName "WebServer-Gen2" -ControllerNumber 0 -ControllerLocation 1
Set-VMDvdDrive -VMName "WebServer-Gen2" -ControllerNumber 0 -ControllerLocation 1 -Path "D:ISOsWS2012R2.iso"
# Set boot order: DVD first, then hard disk
$DVDDrive = Get-VMDvdDrive -VMName "WebServer-Gen2"
$HDDrive = Get-VMHardDiskDrive -VMName "WebServer-Gen2"
Set-VMFirmware -VMName "WebServer-Gen2" -BootOrder $DVDDrive, $HDDriveStep 4 — Attach Network Adapters
Generation 2 VMs only support synthetic network adapters. There is no legacy NIC option. Add and configure a network adapter:
Add-VMNetworkAdapter -VMName "WebServer-Gen2" -SwitchName "ExternalSwitch" -Name "Primary NIC"
# Enable VMQ (Virtual Machine Queue) for better network performance:
Set-VMNetworkAdapter -VMName "WebServer-Gen2" -Name "Primary NIC" -VmqWeight 1For PXE network boot on a Gen2 VM, the boot order must include the network adapter:
$NIC = Get-VMNetworkAdapter -VMName "WebServer-Gen2" -Name "Primary NIC"
$HDDrive = Get-VMHardDiskDrive -VMName "WebServer-Gen2"
Set-VMFirmware -VMName "WebServer-Gen2" -BootOrder $NIC, $HDDriveStep 5 — Configure Storage for Gen2
Generation 2 VMs attach all storage via SCSI controllers. There is no IDE controller. You can have up to 4 SCSI controllers with up to 64 devices each. The OS disk must be attached to SCSI Controller 0:
# The OS disk is already on SCSI 0:0 if created with New-VM
# Add a data disk on SCSI 0:1:
New-VHD -Path "D:VMsWebServer-Gen2-Data.vhdx" -SizeBytes 200GB -Dynamic
Add-VMHardDiskDrive -VMName "WebServer-Gen2" -ControllerType SCSI -ControllerNumber 0 -ControllerLocation 1 -Path "D:VMsWebServer-Gen2-Data.vhdx"Step 6 — Enable TPM for Gen2 VMs
Generation 2 VMs support a virtual TPM (Trusted Platform Module) chip, which enables BitLocker within the VM. To enable the virtual TPM:
Enable-VMTPM -VMName "WebServer-Gen2"
Get-VMSecurity -VMName "WebServer-Gen2"Note: Virtual TPM requires Secure Boot to be enabled and the host must be part of a Host Guardian Service (HGS) deployment for shielded VMs, or you can use a local key protector for simpler scenarios.
Step 7 — Install the Guest OS
Start the VM and connect to its console to complete the OS installation:
Start-VM -VMName "WebServer-Gen2"
VMConnect.exe localhost "WebServer-Gen2"During installation, you should see a UEFI boot screen rather than a traditional BIOS screen. The Windows installer will display a UEFI-style interface and create a GPT partition scheme on the disk rather than MBR.
Step 8 — Post-Installation Configuration
After the OS is installed, remove the installation media and restore the default boot order:
Set-VMDvdDrive -VMName "WebServer-Gen2" -ControllerNumber 0 -ControllerLocation 1 -Path $null
$HDDrive = Get-VMHardDiskDrive -VMName "WebServer-Gen2"
Set-VMFirmware -VMName "WebServer-Gen2" -BootOrder $HDDriveConverting Generation 1 VMs to Generation 2
There is no in-place conversion from Gen1 to Gen2. The process requires creating a new Gen2 VM and migrating the OS disk, which involves converting the MBR disk to GPT and ensuring the existing OS installation is UEFI-compatible. For Windows Server 2012 R2 guests, the recommended approach is to deploy a fresh Gen2 VM and migrate data rather than attempting OS disk conversion.
Verifying Generation Type
Get-VM | Select-Object Name, Generation | Format-Table -AutoSizeCommon Troubleshooting
VM fails to boot after OS installation: Check that the boot order places the OS hard disk first. Gen2 VMs do not auto-detect bootable devices the same way Gen1 BIOS does.
Linux guest fails with Secure Boot error: Change the Secure Boot template to MicrosoftUEFICertificateAuthority or disable Secure Boot for the Linux VM.
Cannot see legacy NIC option: This is by design — Gen2 VMs only support synthetic network adapters. Ensure the guest OS has drivers for Hyper-V synthetic NICs (all Windows Server 2012+ and most modern Linux distributions do).
Summary
Generation 2 VMs on Windows Server 2012 R2 Hyper-V represent the modern approach to virtualisation, eliminating legacy hardware emulation in favour of synthetic devices and UEFI firmware. For supported guest operating systems, Gen2 VMs provide faster boot times, improved security through Secure Boot and virtual TPM support, and a cleaner, more maintainable architecture. When deploying new workloads, always prefer Generation 2 for supported guest OS versions, reserving Generation 1 only for older operating systems that require legacy BIOS or IDE controller support.
