Ash Roberts

So - thankfully, I had taken steps to make sure that I COULD get back into my VM. Prior to removing the certificates, I had unencrypted the drives, turned off TPM and tested rebooting successfully. My REAL problem turned out to be that I was trying to do this process on a host running Server Core, which will not allow you to remotely export the certificates with a private key. I had to find PowerShell commands to allow me to do this whole export/import process from the hosts. I also found that I could re-create my certificates from PowerShell as well.

In case anyone else finds this useful, what I did is below.

I found the existing guardian:

    Get-HgsGuardian

I then removed it:

    Remove-HgsGuardian -Name "UntrustedGuardian"

And finally, I recreated the Guardian with the certificates:

    New-HgsGuardian -Name "UntrustedGuardian" -GenerateCertificates
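The post mentions a local export/import of the guardian certificates on the Server Core host but does not show it. The following is an added example, not the poster's own commands. It assumes the local-mode guardian certificates are in the `Shielded VM Local Certificates` machine store, and the backup folder `C:\GuardianBackup` is hypothetical.

```powershell
# Added example: run locally on the Hyper-V host in an elevated session.
# Assumption: guardian certificates are in this machine store.
$store   = 'Cert:\LocalMachine\Shielded VM Local Certificates'
$outDir  = 'C:\GuardianBackup'   # hypothetical backup folder
$pfxPass = Read-Host -AsSecureString -Prompt 'Password to protect the PFX files'

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Export every certificate that has a private key on this host.
$exported = foreach ($cert in Get-ChildItem -Path $store) {
    if (-not $cert.HasPrivateKey) {
        Write-Warning "Skipping $($cert.Thumbprint): no private key on this host"
        continue
    }
    $file = Join-Path $outDir "$($cert.Thumbprint).pfx"
    try {
        Export-PfxCertificate -Cert $cert -FilePath $file -Password $pfxPass `
            -ErrorAction Stop | Out-Null
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            File       = $file
        }
    } catch {
        # Usually means the key was created or imported as non-exportable.
        Write-Warning "Export failed for $($cert.Subject): $($_.Exception.Message)"
    }
}
$exported | Format-Table -AutoSize

# Import on the destination host (or on this host after a rebuild).
# -Exportable keeps the private key exportable for future backups.
Get-ChildItem -Path $outDir -Filter *.pfx | ForEach-Object {
    Import-PfxCertificate -FilePath $_.FullName -CertStoreLocation $store `
        -Password $pfxPass -Exportable
}

# Confirm the imported certificates carry their private keys.
Get-ChildItem -Path $store |
    Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter
```

The PFX files contain the private keys that unlock the VM's vTPM-protected state, so move them off the host to access-controlled storage once the import is verified.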