When the customer attempts to enable "Host Encryption Mode" on a specific ESXi host, an error is reported stating, "Need to configure native key provider."
vCenter: 7.0.x, 7.0.3
ESXi: 6.7, 7.0.x, 8.0.x
This issue can occur if the "vpxuser" lacks sufficient entitlements because the client profile was not updated successfully.
Workaround:
The issue can be resolved by temporarily disconnecting and reconnecting the problematic ESXi host.
Impact/Risks:
The customer is unable to enable "Host Encryption Mode."
=============================================================
2023-07-25T05:30:59.755Z error vpxd[04098] [Originator@6876 sub=CryptoManager opID=HB-host-######-########-###-########] Failed to call vAPI to create native key provider with provider ID #### on host [vim.HostSystem:host-128,####]:
--> {
--> "ERROR": {
--> "com.vmware.vapi.std.errors.unauthorized": {
--> "data": {
--> "OPTIONAL": null
--> },
--> "error_type": {
--> "OPTIONAL": "UNAUTHORIZED"
--> },
--> "messages": []
--> }
--> }
--> }
2023-07-25T05:30:59.755Z error vpxd[04098] [Originator@#### sub=CryptoManager opID=HB-host-########-########-###-########] Failed to invoke "Providers.Create" on host ####.
--> Error:
--> com.vmware.vapi.std.errors.unauthorized
--> No messages!
-->
2023-07-25T05:30:59.755Z error vpxd[04098] [Originator@#### sub=CryptoManager opID=HB-host-######-########-###-#######] Failed to create native key provider on host [vim.HostSystem:host-128,####] : N4Vpxd7Langley21UnauthorizedExceptionE(Error:
--> com.vmware.vapi.std.errors.unauthorized
--> No messages!
--> )
--> [context]###################################################################################################################################################################################+##############=[/context]
2023-07-25T06:21:09.362Z error vpxd[16783] [Originator@6876 sub=CryptoManager opID=HB-host-######-#######-###-########] Failed to enable encryption on [vim.HostSystem:host-128,####]: N5Vmomi5Fault12NotSupported9ExceptionE(Fault cause: vmodl.fault.NotSupported
2023-07-25T06:21:09.364Z error vpxd[16783] [Originator@6876 sub=CryptoManager opID=HB-host-######-#######-###-########] Failed to recover [vim.HostSystem:host-128,####] crypto state from "incapable" to "safe" in [vim.ClusterComputeResource:domain-####,###-##].
2023-07-25T06:26:11.337Z error vpxd[00834] [Originator@6876 sub=CryptoManager opID=HB-host-######-#######-###-########] Failure enabling host encryption: N3Vim5Fault12NoPermission9ExceptionE(Fault cause: vim.fault.NoPermission
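A triage sketch for the vpxd.log signature shown above, added here as an example and not VMware's or this article's own tooling: it folds the `-->` continuation lines into their entry, keeps only `sub=CryptoManager` errors, and groups the faults by host. The sample log is constructed from the entries above, and the function names are assumptions.

```python
import re

# Constructed sample in the shape of the vpxd.log entries above (redactions kept as '#').
SAMPLE = """\
2023-07-25T05:30:59.755Z error vpxd[04098] [Originator@6876 sub=CryptoManager opID=HB-host-####] Failed to invoke "Providers.Create" on host ####.
--> Error:
--> com.vmware.vapi.std.errors.unauthorized
2023-07-25T05:30:59.755Z error vpxd[04098] [Originator@6876 sub=CryptoManager opID=HB-host-####] Failed to create native key provider on host [vim.HostSystem:host-128,####] : N4Vpxd7Langley21UnauthorizedExceptionE(Error:
--> com.vmware.vapi.std.errors.unauthorized
--> )
2023-07-25T06:21:09.362Z error vpxd[16783] [Originator@6876 sub=CryptoManager opID=HB-host-####] Failed to enable encryption on [vim.HostSystem:host-128,####]: N5Vmomi5Fault12NotSupported9ExceptionE(Fault cause: vmodl.fault.NotSupported
2023-07-25T06:26:11.337Z error vpxd[00834] [Originator@6876 sub=CryptoManager opID=HB-host-####] Failure enabling host encryption: N3Vim5Fault12NoPermission9ExceptionE(Fault cause: vim.fault.NoPermission
2023-07-25T06:30:00.000Z info vpxd[00834] [Originator@6876 sub=vpxLro opID=abc] unrelated entry for host [vim.HostSystem:host-7,x]
"""

HEADER = re.compile(r"^(\d{4}-\d\d-\d\dT[\d:.]+Z) (\w+) vpxd\[\d+\] \[[^\]]*\bsub=(\S+)[^\]]*\] (.*)$")
HOST = re.compile(r"\[vim\.HostSystem:(host-\d+)")
FAULTS = ("com.vmware.vapi.std.errors.unauthorized", "vmodl.fault.NotSupported", "vim.fault.NoPermission")

def entries(text):
    """Yield (timestamp, level, sub, body); '-->' continuation lines are folded into the body."""
    cur = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if cur:
                yield tuple(cur)
            cur = list(m.groups())
        elif cur and line.startswith("-->"):
            cur[3] += "\n" + line[3:].strip()
    if cur:
        yield tuple(cur)

def triage(text):
    """Map host id -> ordered list of (timestamp, fault) for CryptoManager errors."""
    hits = {}
    for ts, level, sub, body in entries(text):
        if level != "error" or sub != "CryptoManager":
            continue
        host = HOST.search(body)
        key = host.group(1) if host else "unknown"  # entry without a HostSystem reference
        for fault in FAULTS:
            if fault in body:
                hits.setdefault(key, []).append((ts, fault))
    return hits

def matches_signature(text):
    """Hosts whose native key provider creation was rejected as unauthorized."""
    return sorted(h for h, f in triage(text).items() if h != "unknown" and any(x.endswith("unauthorized") for _, x in f))
```

Entries that carry no `vim.HostSystem` reference are collected under `unknown` so they can still be correlated by timestamp with the host-specific failures.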
# cd etc/vmware/configstore
# /build/apps/contrib/bin/configstorereader.py config current get -c esx -g authentication -k client_profiles
<snippet>
{
  "cs_generated_id": "## ## ## ## ## ##-## ## ## ## ## ## ## ##",
  "subject": {
    "type": "LOCAL_USER",
    "name": "vpxuser"
  },
  "grants": [
    {
      "cs_generated_id": "## ## ## ## ## ##-## ## ## ## ## ## ## ##",
      "resource_type": "ENTITLEMENT",
      "entitlement": "IDENTITY_MGMT"
    },
    {
      "cs_generated_id": "## ## ## ## ## ##-## ## ## ## ## ## ## ##",
      "resource_type": "ENTITLEMENT",
      "entitlement": "READ_ONLY"
    },
    {
      "cs_generated_id": "## ## ## ## ## ##-## ## ## ## ## ## ## ##",
      "resource_type": "ENTITLEMENT",
      "entitlement": "SECURITY"    ### <-- !!
    }
  ]
},
<snippet>