Failed to enable ESXi Host Encryption Mode after upgrading/rebooting with Native Key Provider.

Article ID: 311922


Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

This article provides a workaround for the issue described above.


Symptoms:
Enabling ESXi Host Encryption Mode fails after the host is upgraded or rebooted with a Native Key Provider.

Environment

VMware vSphere ESXi 7.0.3

Cause

The original Native Key Provider that generated the host key was deleted by the user, who then created a Native Key Provider with the same name. The KDK and KeyID of the new provider are not the same as those of the original, so the host key cannot be resolved after the host is upgraded or rebooted.

Resolution

The user has to restore the original Native Key Provider from its backup file, and should not reuse key provider names unless the key providers really are the same logical key provider.

 


Workaround:

If the original Native Key Provider cannot be recovered, rekey the host key with the new default key provider by invoking the API hostSystem.configureCryptoKey from the MOB (Managed Object Browser).
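
The same call made through pyVmomi rather than the MOB, as an added example that is not part of the original article: it invokes HostSystem.ConfigureCryptoKey, then reads back the host's crypto state and KeyID to confirm that the rekey took effect. The helper names, the command-line arguments and the behaviour of an unset keyId (key taken from the default key provider) are assumptions.

```python
import getpass
import ssl
import sys


def describe_key(host):
    """Return (cryptoState, providerId, keyId) read from HostSystem.runtime."""
    rt = host.runtime
    kid = getattr(rt, "cryptoKeyId", None)
    if kid is None:
        return rt.cryptoState, None, None
    provider = kid.providerId.id if kid.providerId is not None else None
    return rt.cryptoState, provider, kid.keyId


def rekey_host(host, expected_provider, key_id=None):
    """Invoke HostSystem.ConfigureCryptoKey and check that the host key changed.

    Assumption: with key_id left as None (keyId unset), the key comes from the
    current default key provider, which must already be the new provider.
    """
    before = describe_key(host)
    host.ConfigureCryptoKey(keyId=key_id)
    after = describe_key(host)
    # A recreated provider can carry the same name, so the provider id alone
    # proves nothing; the KeyID must differ from the unresolvable one.
    rekeyed = (after[0] == "safe" and after[1] == expected_provider
               and after[2] is not None and after[2] != before[2])
    return {"before": before, "after": after, "rekeyed": rekeyed}


def main(vcenter, user, host_name, provider):
    # Imported here so the helpers above load without pyVmomi installed.
    from pyVim.connect import SmartConnect, Disconnect
    from pyVmomi import vim

    si = SmartConnect(host=vcenter, user=user, pwd=getpass.getpass(),
                      sslContext=ssl.create_default_context())
    try:
        content = si.RetrieveContent()
        view = content.viewManager.CreateContainerView(
            content.rootFolder, [vim.HostSystem], True)
        host = next(h for h in view.view if h.name == host_name)
        print(rekey_host(host, provider))
    finally:
        Disconnect(si)


if __name__ == "__main__":
    main(*sys.argv[1:5])
```

Run it as `python rekey.py <vcenter> <user> <esxi-host-name> <provider-name>`; a result with `rekeyed` set to False means the host still reports the old KeyID, another provider, or a crypto state other than `safe`.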