Trying to enable vSAN iSCSI target services fails with a generic "Failed to extract the requested data. Check vSphere Client logs for details."

The error is thrown when the "Edit iSCSI Service" dialog is opened. On this dialog there is a dropdown which lists all the eligible policies (when there is a vaild encryption policy) that can be used for provisioning the iSCSI home objects. The UI assumes that there is always at least one encryption policy. As there is always a default encryption policy that is created it is expected to see this window populated with the options to select the default vSAN encryption policy.

When trying to create a new encryption storage policy without having created the encryption storage policy component you will not receive the option for 'Use storage policy component' as this option will only appear if the proper predefined components in your database.

If the proper storage policy component is available, then you will see the 'Use storage policy component' as the second option after the 'Disabled' option.

If there is no default encryption policy then a new encryption policy will need to be created to satisfy the iSCSI target service requirement for an encryption policy by first creating a new encryption storage policy component. After the component is created then a new encryption storage policy can be created.

1. Go to 'Policies and Profiles'

2. Select 'Storage Policy Components'

3. Click 'Create' to create a new storage policy component

4. Verify that 'Allow I/O filters before encryption' is set to false

After the above steps have been completed a new 'default' encryption policy can be created by creating a new storage policy using host-based data services.