AaronJackson
May 31, 2023

SCVMM/Hyper-V Manager/Powershell not able to apply Microsoft NDIS Capture virtual switch extension t

Hello all,

As the title implies, I cannot enable the Microsoft NDIS Capture virtual switch extension on my new Server 2022 Core Hyper-V hosts. We primarily manage VMs via SCVMM. Our Server 2019 Core hosts on the same hardware do NOT have this issue. I'm posting to:

A) Understand what this extension really does. My understanding is it enables "packet capture" or "virtual port spanning", which my virtual environment DOES require, as we use Darktrace v-sensors on all our hosts for IPS/IDS. We enable this by going into Failover Cluster Manager and setting port mirroring to "source" for all our VMs and "destination" for all the v-sensors. I'm unsure if this will continue to work as intended if the NDIS capture extension isn't checked.

B) See if anyone else has had this issue or resolved it. If I try to enable via Hyper-V Manager, it simply states that "the selected extension isn't working correctly. Check the event logs for further information" (there are no event logs to correlate). "If this is a non-Microsoft extension, contact the vendor" (it IS, in fact, a Microsoft extension: "Microsoft NDIS Packet Capture Filter Driver Company: Microsoft Version: 10.0.20348.1").

If I attempt to enable via PowerShell (enable-vmswitchextension -name "Microsoft NDIS Capture"), it will start for a time and then stop again.

If I use SCVMM to apply the logical switch to the host, it will successfully apply the switch, but throw an error with the host being non-compliant. As follows:

Warning (26846)

Either the switch extension 'Microsoft NDIS Capture' with driver ID 'ea24cd6c-d17a-4348-9190-09f0d5be83dd' was not installed on the host, or VMM was unable to enumerate the extension's driver version and driver ID. The switch extension is required for this virtual switch.

Obviously, the logical switch has that driver selected to be enabled, but the hosts cannot enable it for some reason.

What's interesting is that the "driver ID" that SCVMM is reporting (ea24cd6c-d17a-4348-9190-09f0d5be83dd) is NOT the driver ID that is present on the host. Running "get-vmsystemswitchextension" on the host reports the following:

    Id : 430BDADD-BAB0-41AB-A369-94B67FA5BE0A
    Name : Microsoft NDIS Capture
    Vendor : Microsoft
    Version : 10.0.20348.1
    ExtensionType : Monitoring
    CimSession : CimSession: .
    ComputerName : HOST-Q-02
    IsDeleted : False

I'm at a loss here. Ideally, I can just get this enabled in case it is needed. Alternatively, if I can determine that the extension is NOT needed... I'm "ok" with not having it enabled... but you never know when my org will add something that needs it.

    • AaronJackson

      No, nothing. MS was of no help either. Ultimately, it was determined that Darktrace did not require this extension, and we went forward without it. Still broken as of today after multiple updates, etc.

      I will be spinning up Server 2025 hosts within the next few weeks, I'll post my findings here. Hopefully, they will have fixed it.
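
The checks the thread walks through (installed extension ID versus the ID in the SCVMM warning, per-switch extension state, and port mirroring source/destination settings) gathered into one read-only script. This is an added example, not part of the original posts; it assumes an elevated PowerShell session on the host with the Hyper-V module loaded, and the variable and column names are illustrative.

```powershell
# Added example (not from the original posts). Read-only; run elevated on the Hyper-V host.
$ExtensionName = 'Microsoft NDIS Capture'
# Driver ID quoted in the SCVMM warning (26846) in the thread above.
$ScvmmId = 'ea24cd6c-d17a-4348-9190-09f0d5be83dd'

# 1. Extension as installed on the host, compared with the ID SCVMM reports.
Get-VMSystemSwitchExtension -Name $ExtensionName |
    Select-Object Name, Id, Version, ExtensionType,
        @{ Name = 'MatchesScvmmId'; Expression = { "$($_.Id)" -ieq $ScvmmId } }

# 2. Per-switch state. Enabled is the configured setting and Running is the
#    state the host reports, so list both side by side for every switch.
Get-VMSwitch | ForEach-Object {
    Get-VMSwitchExtension -VMSwitchName $_.Name -Name $ExtensionName |
        Select-Object SwitchName, Name, Enabled, Running
}

# 3. Port mirroring coverage per switch: which adapters are mirror sources,
#    which VMs receive the mirrored traffic, and which are not mirrored at all.
Get-VM | Get-VMNetworkAdapter | Group-Object SwitchName | ForEach-Object {
    $src  = @($_.Group | Where-Object PortMirroringMode -eq 'Source')
    $dst  = @($_.Group | Where-Object PortMirroringMode -eq 'Destination')
    $none = @($_.Group | Where-Object PortMirroringMode -eq 'None')
    [pscustomobject]@{
        Switch          = $_.Name
        Sources         = $src.Count
        Destinations    = ($dst.VMName | Sort-Object -Unique) -join ', '
        NotMirrored     = ($none.VMName | Sort-Object -Unique) -join ', '
        # True when traffic is marked for mirroring but no sensor on this
        # switch is set to receive it, i.e. a monitoring blind spot.
        SourcesNoSensor = ($src.Count -gt 0 -and $dst.Count -eq 0)
    }
}
```

Get-VM only returns VMs on the local host, so on a failover cluster the script has to be run on each node.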
