The new host TPM endorsement key doesn't match the one stored in the DB
To clear the message, blank the key value (endorsement_key, attestation_identity_key) in the VPX_HOST table, followed by a disconnect/reconnect of the affected host.
service-control --stop vmware-vpxd
Note: This command requires the bash shell prompt - Enable and Access the Bash Shell from the Appliance Shell
/opt/vmware/vpostgres/current/bin/pg_dump -U postgres -t VPX_HOST VCDB > /var/core/VPX_HOST.sql
/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -h localhost -c "select ID,DNS_NAME,endorsement_key,attestation_identity_key from VPX_HOST;"
Note: The above command will list all the hosts "endorsement_key, attestation_identity_key" connected to the vCenter
/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -h localhost -c "select id,dns_name,endorsement_key,attestation_identity_key from VPX_HOST WHERE dns_name = 'FQDN_of_issued_host.domain';"
Replace the FQDN_of_issued_host.domain with the issue Host's FQDN in above command.
Note: The host ID can also be identified/verified from the Web Browser (highlighted below)/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -h localhost -c "update VPX_HOST set endorsement_key='', attestation_identity_key='' where id = <Host ID in step 6>;"
Note: the output should look similar to:
UPDATE 1
/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -h localhost -c "select ID,DNS_NAME,endorsement_key,attestation_identity_key from VPX_HOST;"
service-control --start vmware-vpxd
/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -h localhost -c "select ID,DNS_NAME,endorsement_key,attestation_identity_key from VPX_HOST;"
Workaround
If applicable and permitted (ie: do not perform the workaround if the affected host is a part of a vSAN cluster, has VVOL storage, or has distributed switches (VDS)):