Cannot add a vTPM to a virtual machine residing on a standalone host: "the host does not support Native Key Provider."
Article ID: 369538


Products

VMware vCenter Server

Issue/Introduction

When configuring a vTPM alongside vSphere Native Key Provider, you may see errors like the following:

Task Name: Reconfigure virtual machine
Status: A general runtime error occured. Key provider TestKepProvider is not compatible with host examplehost.local Reason: "the host does not support Native Key Provider."

In the vpxd log you see a similar error message:

2024-06-10T11:02:28.497Z error vpxd[16918] [Originator@6876 sub=CryptoManager opID=lw6e2al5-62525-auto-1c8u-h5:70001597-84] [vim.HostSystem:host-9,examplehost.local] is not compatible with key provider TestKeyProvider: native key providers not supported.
2024-06-10T11:02:28.497Z error vpxd[16918] [Originator@6876 sub=CryptoManager opID=lw6e2al5-62525-auto-1c8u-h5:70001597-84] Trusted Key Provider is not compatible with host: com.vmware.vim.vpxd.encryption.NativeKeyProviderNotSupported
2024-06-10T11:02:28.500Z info vpxd[16918] [Originator@6876 sub=Default opID=lw6e2al5-62525-auto-1c8u-h5:70001597-84] [VpxLRO] -- ERROR task-48721 -- host-9 -- vim.HostSystem.configureCryptoKey: vmodl.RuntimeFault:
--> Result:
--> (vmodl.RuntimeFault) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = (vmodl.LocalizableMessage) [
-->       (vmodl.LocalizableMessage) {
-->          key = "com.vmware.vim.vpxd.encryption.kmsNotCompatibleWithHost",
-->          arg = (vmodl.KeyAnyValue) [
-->             (vmodl.KeyAnyValue) {
-->                key = "keyProviderId",
-->                value = "TestKeyProvider"
-->             },
-->             (vmodl.KeyAnyValue) {
-->                key = "host",
-->                value = "examplehost.local"
-->             },
-->             (vmodl.KeyAnyValue) {
-->                key = "reason",
-->                value = "vim.vpxd.encryption.NativeKeyProviderNotSupported"
-->             }
-->          ],
-->          message = <unset>
-->       }
-->    ]
-->    msg = ""
--> }
--> Args:
-->
--> Arg keyId:
-->

Environment

All vCenters

Cause

vSphere Native Key Provider requires the ESXi host to be part of a cluster.

Resolution

Placing the ESXi host into a cluster resolves the issue and the above errors no longer trigger.
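To list every host that hit this condition, the vpxd log entries shown under Issue/Introduction can be correlated by opID. The following Python sketch is an added example, not VMware code; the function name, record field names and the embedded sample (modelled on the excerpt above, with one constructed unrelated line) are assumptions, and it expects each log entry on a single unwrapped line.

```python
import re

# Constructed sample modelled on the vpxd.log excerpt in this article.
SAMPLE_LOG = """\
2024-06-10T11:02:28.497Z error vpxd[16918] [Originator@6876 sub=CryptoManager opID=lw6e2al5-62525-auto-1c8u-h5:70001597-84] [vim.HostSystem:host-9,examplehost.local] is not compatible with key provider TestKeyProvider: native key providers not supported.
2024-06-10T11:02:28.497Z error vpxd[16918] [Originator@6876 sub=CryptoManager opID=lw6e2al5-62525-auto-1c8u-h5:70001597-84] Trusted Key Provider is not compatible with host: com.vmware.vim.vpxd.encryption.NativeKeyProviderNotSupported
2024-06-10T11:02:28.500Z info vpxd[16918] [Originator@6876 sub=Default opID=lw6e2al5-62525-auto-1c8u-h5:70001597-84] [VpxLRO] -- ERROR task-48721 -- host-9 -- vim.HostSystem.configureCryptoKey: vmodl.RuntimeFault:
--> Result:
2024-06-10T11:05:00.000Z info vpxd[16918] [Originator@6876 sub=Default opID=constructed-unrelated-01] [VpxLRO] -- BEGIN task-48722 -- host-12 -- vim.HostSystem.reconnect
"""

# Entry header: timestamp, level, process, originator, subsystem and opID.
HEADER = re.compile(r"^(?P<ts>\S+Z) (?P<level>\w+) vpxd\[\d+\] "
                    r"\[Originator@\d+ sub=(?P<sub>\S+) opID=(?P<opid>[^\]]+)\] (?P<msg>.*)$")
# CryptoManager message naming the host and the key provider it rejected.
INCOMPAT = re.compile(r"\[vim\.HostSystem:(?P<moid>[^,]+),(?P<host>[^\]]+)\] is not compatible "
                      r"with key provider (?P<provider>[^:]+): (?P<reason>.+)")
# Task failure line that shares the opID of the CryptoManager message.
TASK = re.compile(r"-- ERROR (?P<task>task-\d+) -- \S+ -- (?P<method>[\w.]+):")


def find_nkp_failures(log_text):
    """Return one record per opID where a host rejected a native key provider."""
    events = {}
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # "-->" continuation lines and entries without an opID
        opid, msg = m["opid"], m["msg"]
        hit = INCOMPAT.search(msg)
        if hit:
            events[opid] = {"time": m["ts"], "opID": opid, **hit.groupdict(),
                            "task": None, "method": None}
        task = TASK.search(msg)
        if task and opid in events:  # attach the failed task to the same operation
            events[opid].update(task.groupdict())
    return list(events.values())


if __name__ == "__main__":
    for ev in find_nkp_failures(SAMPLE_LOG):
        print(f'{ev["time"]} {ev["host"]} ({ev["moid"]}) rejected key provider '
              f'{ev["provider"]}; failed {ev["method"]} in {ev["task"]}')
```

Each host reported this way is a candidate for the check described under Cause: confirm whether it is a standalone host rather than a cluster member.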
