Cannot add vTPM on virtual machine or enable host encryption on standalone host. "The host does not support Native Key Provider."

Article ID: 369538

Updated On: 04-04-2025

Products

VMware vCenter Server

Issue/Introduction

When configuring vTPM alongside vSphere Native Key Provider, you may see the following errors:

Task Name: Reconfigure virtual machine OR Configure the host key
Status: A general runtime error occurred. Key provider <key provider name> is not compatible with host <host-fqdn> Reason: "the host does not support Native Key Provider."

Log entries in the vCenter Server Appliance file "/var/log/vmware/vpxd/vpxd.log" look similar to the following:

[YYYY-MM-DDTHH:MM] error vpxd[16918] [Originator@6876 sub=CryptoManager opID=lw6e2al5-xxxx-auto-1c8u-h5:xxxxxxxx-84] [vim.HostSystem:<host-moid>,<host-fqdn>] is not compatible with key provider TestKeyProvider: native key providers not supported.
[YYYY-MM-DDTHH:MM] error vpxd[16918] [Originator@6876 sub=CryptoManager opID=lw6e2al5-xxxx-auto-1c8u-h5:xxxxxxxx-84] Trusted Key Provider is not compatible with host: com.vmware.vim.vpxd.encryption.NativeKeyProviderNotSupported
[YYYY-MM-DDTHH:MM] info vpxd[16918] [Originator@6876 sub=Default opID=lw6e2al5-xxxx-auto-1c8u-h5:xxxxxxxx-84] [VpxLRO] -- ERROR task-48721 -- <host-moid> -- vim.HostSystem.configureCryptoKey: vmodl.RuntimeFault:
--> Result:
--> (vmodl.RuntimeFault) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = (vmodl.LocalizableMessage) [
-->       (vmodl.LocalizableMessage) {
-->          key = "com.vmware.vim.vpxd.encryption.kmsNotCompatibleWithHost",
-->          arg = (vmodl.KeyAnyValue) [
-->             (vmodl.KeyAnyValue) {
-->                key = "keyProviderId",
-->                value = "TestKeyProvider"
-->             },
-->             (vmodl.KeyAnyValue) {
-->                key = "host",
-->                value = "<host-fqdn>"
-->             },
-->             (vmodl.KeyAnyValue) {
-->                key = "reason",
-->                value = "vim.vpxd.encryption.NativeKeyProviderNotSupported"
-->             }
-->          ],
-->          message = <unset>
-->       }
-->    ]
-->    msg = ""
--> }
--> Args:
-->
--> Arg keyId:
-->
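
A triage helper for the vpxd.log entries above, added here as an example (it is not part of the original article or of VMware's tooling): it groups the Native Key Provider errors by opID and reports the host, key provider and failed task. The sample lines, host name and opIDs are constructed.

```python
import re

# Patterns follow the vpxd.log lines quoted in this article.
OPID = re.compile(r"opID=([^\]\s]+)")
INCOMPAT = re.compile(
    r"\[vim\.HostSystem:(?P<moid>[^,\]]+),(?P<host>[^\]]+)\] is not compatible "
    r"with key provider (?P<provider>[^:]+): native key providers not supported")
FAULT = "NativeKeyProviderNotSupported"
TASK = re.compile(r"-- ERROR (?P<task>task-\d+) -- \S+ -- (?P<method>[\w.]+):")

# Constructed sample input: same shape as the article's entries, invented values.
SAMPLE = """\
2025-04-04T10:15:30Z info vpxd[16918] [Originator@6876 sub=Default opID=aaaa1111-01] unrelated entry
2025-04-04T10:15:31Z error vpxd[16918] [Originator@6876 sub=CryptoManager opID=bbbb2222-84] [vim.HostSystem:host-1234,esx01.example.test] is not compatible with key provider TestKeyProvider: native key providers not supported.
2025-04-04T10:15:31Z error vpxd[16918] [Originator@6876 sub=CryptoManager opID=bbbb2222-84] Trusted Key Provider is not compatible with host: com.vmware.vim.vpxd.encryption.NativeKeyProviderNotSupported
2025-04-04T10:15:31Z info vpxd[16918] [Originator@6876 sub=Default opID=bbbb2222-84] [VpxLRO] -- ERROR task-48721 -- host-1234 -- vim.HostSystem.configureCryptoKey: vmodl.RuntimeFault:
--> Result:
-->                value = "vim.vpxd.encryption.NativeKeyProviderNotSupported"
""".splitlines()


def find_nkp_failures(lines):
    """Group Native Key Provider incompatibility events by opID."""
    events = {}
    for line in lines:
        op = OPID.search(line)
        if not op:
            continue  # "-->" continuation lines carry no opID
        ev = events.setdefault(op.group(1), {"first_seen": line.split(" ", 1)[0]})
        hit = INCOMPAT.search(line)
        if hit:
            ev.update(hit.groupdict(), nkp_fault=True)
        elif FAULT in line:
            ev["nkp_fault"] = True
        task = TASK.search(line)
        if task:
            ev.update(task.groupdict())
    # Report only operations that hit the Native Key Provider fault.
    return [dict(opid=k, **v) for k, v in events.items() if v.get("nkp_fault")]


if __name__ == "__main__":
    for f in find_nkp_failures(SAMPLE):
        print(f"{f['first_seen']} {f.get('host', '?')} ({f.get('moid', '?')}) rejected key provider "
              f"{f.get('provider', '?')} in {f.get('task', '?')} {f.get('method', '')}: "
              "check whether the host is standalone")
```

To run it against a real appliance log, pass the lines of /var/log/vmware/vpxd/vpxd.log to find_nkp_failures in place of SAMPLE.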

Environment

vCenter Server 8.x
vCenter Server 7.x

Cause

To use vSphere Native Key Provider, the ESXi host must be included in a cluster.

Resolution

Adding the ESXi host to a cluster resolves the issue.

Refer to the following document for instructions on how to add an ESXi host to a cluster: Adding Hosts to a Cluster
