Failed to enable "Host Encryption Mode" in vCenter.

Article ID: 314228


Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

  • When attempting to enable "Host Encryption Mode" on a specific ESXi host, an error is reported stating "Need to configure native key provider."
  • In vCenter, the key provider status may show a Warning.
  • On vCenter, /var/log/vmware/vpxd.log may show entries like the following:

YYYY-MM-DD HH:MM:SSZ error vpxd[04098] [Originator@6876 sub=CryptoManager opID=HB-host-######-########-###-########] Failed to call vAPI to create native key provider with provider ID #### on host [vim.HostSystem:host-###,####]:
--> {
-->     "ERROR": {
-->         "com.vmware.vapi.std.errors.unauthorized": {
-->             "data": {
-->                 "OPTIONAL": null
-->             },
-->             "error_type": {
-->                 "OPTIONAL": "UNAUTHORIZED"
-->             },
-->             "messages": []
-->         }
-->     }
--> }
YYYY-MM-DD HH:MM:SSZ error vpxd[04098] [Originator@#### sub=CryptoManager opID=HB-host-########-########-###-########] Failed to invoke "Providers.Create" on host ####.
--> Error:
-->    com.vmware.vapi.std.errors.unauthorized
--> No messages!
-->
YYYY-MM-DD HH:MM:SSZ error vpxd[04098] [Originator@#### sub=CryptoManager opID=HB-host-######-########-###-#######] Failed to create native key provider on host [vim.HostSystem:host-###,####] : N4Vpxd7Langley21UnauthorizedExceptionE(Error:
-->    com.vmware.vapi.std.errors.unauthorized
--> No messages!
--> )
--> 
YYYY-MM-DD HH:MM:SSZ error vpxd[16783] [Originator@6876 sub=CryptoManager opID=HB-host-######-#######-###-########] Failed to enable encryption on [vim.HostSystem:host-###,####]: N5Vmomi5Fault12NotSupported9ExceptionE(Fault cause: vmodl.fault.NotSupported
YYYY-MM-DD HH:MM:SSZ error vpxd[16783] [Originator@6876 sub=CryptoManager opID=HB-host-######-#######-###-########] Failed to recover [vim.HostSystem:host-###,####] crypto state from "incapable" to "safe" in [vim.ClusterComputeResource:domain-####,###-##].
YYYY-MM-DD HH:MM:SSZ error vpxd[00834] [Originator@6876 sub=CryptoManager opID=HB-host-######-#######-###-########] Failure enabling host encryption: N3Vim5Fault12NoPermission9ExceptionE(Fault cause: vim.fault.NoPermission
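
To check which hosts in a vpxd.log match this signature, the following added example (not VMware code) groups CryptoManager faults by host. It assumes the opID embeds the host ID as "HB-host-<n>-", as in the excerpt above; the sample log lines, host names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Fault strings taken from the vpxd.log excerpt in this article.
FAULTS = {
    "unauthorized": "com.vmware.vapi.std.errors.unauthorized",
    "not_supported": "vmodl.fault.NotSupported",
    "no_permission": "vim.fault.NoPermission",
}
# Assumption: the opID carries the host managed-object ID as "HB-host-<n>-...".
ENTRY = re.compile(r"sub=CryptoManager opID=HB-(host-\d+)-")

# Constructed sample input (timestamps, IDs and host names are made up).
SAMPLE = """\
2025-01-01T10:00:00.000Z error vpxd[04098] [Originator@6876 sub=CryptoManager opID=HB-host-1012-aaaa-01-bbbb] Failed to invoke "Providers.Create" on host esx01.example.test.
--> Error:
-->    com.vmware.vapi.std.errors.unauthorized
--> No messages!
2025-01-01T10:00:01.000Z info vpxd[04098] [Originator@6876 sub=vpxLro opID=xyz] unrelated entry
-->    com.vmware.vapi.std.errors.unauthorized
2025-01-01T10:00:02.000Z error vpxd[16783] [Originator@6876 sub=CryptoManager opID=HB-host-1012-aaaa-01-bbbb] Failure enabling host encryption: N3Vim5Fault12NoPermission9ExceptionE(Fault cause: vim.fault.NoPermission
2025-01-01T10:00:03.000Z error vpxd[16783] [Originator@6876 sub=CryptoManager opID=HB-host-2044-cccc-02-dddd] Failed to enable encryption on [vim.HostSystem:host-2044,esx02]: N5Vmomi5Fault12NotSupported9ExceptionE(Fault cause: vmodl.fault.NotSupported
""".splitlines()

def triage(lines):
    """Map host ID -> set of fault names seen in CryptoManager error entries."""
    seen = defaultdict(set)
    host = None  # host of the entry that "-->" continuation lines belong to
    for line in lines:
        if not line.startswith("-->"):
            # New log entry: track it only if it is a CryptoManager error.
            m = ENTRY.search(line) if " error vpxd[" in line else None
            host = m.group(1) if m else None
        if host is None:
            continue
        for name, needle in FAULTS.items():
            if needle in line:
                seen[host].add(name)
    return dict(seen)

def matches_article(faults):
    """True when a host shows both the vAPI unauthorized and NoPermission faults."""
    return {"unauthorized", "no_permission"} <= faults

if __name__ == "__main__":
    for host, faults in triage(SAMPLE).items():
        print(host, sorted(faults), "MATCH" if matches_article(faults) else "other cause")
```

A host that shows only NotSupported, without the unauthorized and NoPermission faults, does not match the pattern in the excerpt above.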

Cause

This issue can occur if the "vpxuser" lacks sufficient entitlements because the client profile was not updated successfully.

Resolution

The issue can be resolved by temporarily disconnecting and reconnecting the problematic ESXi host.

Note: This will not power off or shut down any VMs.

  • Log in to the vSphere Client and navigate to the Hosts and Clusters view.
  • Right-click the affected ESXi host and choose "Disconnect".
  • Once the host shows as "Disconnected", right-click it again and select "Reconnect".
  • You may be prompted to enter the host's root credentials.
  • Monitor the task progress and ensure the host returns to a connected and healthy state.
  • Retry enabling the Host Encryption mode.