vCenter shows attestation status failed for ESXi host with message "internal failure"

Article ID: 380499

Updated On: 04-21-2025

Products

  • VMware vSphere ESXi
  • VMware vSphere ESXi 7.0
  • VMware vSphere ESXi 8.0
  • VMware vCenter Server 7.0
  • VMware vCenter Server 8.0

Issue/Introduction

  • The kmxa logs are reporting multiple errors: "Trust Authority Components not configured."
    /var/run/log/kmxa error kmxa[2101342] [Originator@6876 sub=Libs opID=InitCache-52da6835-xxxx-yyyy-zzzz-f371a7f97d92-0] Trust Authority Components not configured.
    /var/run/log/kmxa.error kmxa[2098269] [Originator@6876 sub=Libs opID=InitCache-52da6835-xxxx-yyyy-zzzz-f371a7f97d92-0] Trust Authority Components not configured.
    /var/run/log/kmxa.error kmxa[2098265] [Originator@6876 sub=Libs opID=InitCache-52da6835-xxxx-yyyy-zzzz-f371a7f97d92-0] Trust Authority Components not configured.
    /var/run/log/kmxa.error kmxa[2098268] [Originator@6876 sub=Libs opID=InitCache-52da6835-xxxx-yyyy-zzzz-f371a7f97d92-0] Trust Authority Components not configured.

  • vpxd logs show the event: "No cached identity key, loading from DB."
    /var/log/vmware/vpxd/vpxd.log: info vpxd[07703] [Originator@6876 sub=Attestation opID=HB-host-3532@78-78a1642-WorkQueue-30e69386] No cached identity key, loading from DB
    /var/log/vmware/vpxd/vpxd.log: info vpxd[06114] [Originator@6876 sub=Attestation opID=HB-host-3377@79-49f765da-WorkQueue-52a938] No cached identity key, loading from DB
    /var/log/vmware/vpxd/vpxd.log: info vpxd[07776] [Originator@6876 sub=Attestation opID=HB-host-3825@78-747ec640-WorkQueue-2822ca5d] No cached identity key, loading from DB
    /var/log/vmware/vpxd/vpxd.log: info vpxd[06190] [Originator@6876 sub=Attestation opID=HB-host-3381@87-3f4d8731-WorkQueue-1a33359a] No cached identity key, loading from DB

  • Additionally, the vCenter journalctl logs are reporting the error: "Host TPM attestation failed for host in datacenter datacentername: Internal failure."

Environment

  • VMware vSphere ESXi 7.x
  • VMware vCenter Server 7.x
  • VMware vSphere ESXi 8.x
  • VMware vCenter Server 8.x

Cause

  • TPM 2.0 was recently added to the host.
  • TPM was added while the host was connected to the vCenter.

Resolution

  • If the attestation status of the host is failed, check the vCenter Server vpxd.log file for the following message: No cached identity key, loading from DB
  • This message indicates that you are adding a TPM 2.0 chip to an ESXi host that the vCenter Server already manages. You must first disconnect the host, and then reconnect it.
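
One way to run the vpxd.log check above across many hosts, as an added example that is not part of the original article or of any VMware tooling. The function names are hypothetical, and the script assumes that the `host-NNNN` token in the heartbeat opID identifies the affected host, which the article does not state.

```python
import re
import sys
from collections import Counter

# Signatures quoted in this article.
VPXD_SIG = "No cached identity key, loading from DB"
KMXA_SIG = "Trust Authority Components not configured."

# Assumption: "host-NNNN" inside the HB opID identifies the affected host
# in the vCenter inventory; the article does not say so explicitly.
VPXD_RE = re.compile(
    r"sub=Attestation\s+opID=HB-(?P<host>host-\d+)@\S*\]\s+" + re.escape(VPXD_SIG))

def hosts_needing_reconnect(vpxd_lines):
    """Return a Counter of host token -> number of signature hits."""
    hits = Counter()
    for line in vpxd_lines:
        m = VPXD_RE.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits

def kmxa_error_count(kmxa_lines):
    """Count kmxa lines carrying the Trust Authority signature."""
    return sum(1 for line in kmxa_lines if KMXA_SIG in line)

# First two vpxd lines and the first kmxa line come from the article;
# every line containing the word "constructed" is made up for this example.
SAMPLE_VPXD = [
    "info vpxd[07703] [Originator@6876 sub=Attestation opID=HB-host-3532@78-78a1642-WorkQueue-30e69386] No cached identity key, loading from DB",
    "info vpxd[06114] [Originator@6876 sub=Attestation opID=HB-host-3377@79-49f765da-WorkQueue-52a938] No cached identity key, loading from DB",
    "info vpxd[07703] [Originator@6876 sub=Attestation opID=HB-host-3532@78-constructed] No cached identity key, loading from DB",
    "info vpxd[00001] [Originator@6876 sub=Other opID=constructed] unrelated constructed line",
]
SAMPLE_KMXA = [
    "error kmxa[2101342] [Originator@6876 sub=Libs opID=InitCache-52da6835-xxxx-yyyy-zzzz-f371a7f97d92-0] Trust Authority Components not configured.",
    "info kmxa[2101342] [Originator@6876 sub=Libs opID=constructed] unrelated constructed line",
]

if __name__ == "__main__":
    lines = SAMPLE_VPXD
    if len(sys.argv) > 1:  # optional: path to a copy of vpxd.log
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    for host, n in sorted(hosts_needing_reconnect(lines).items()):
        print(f"{host}: {n} hit(s), candidate for disconnect/reconnect")
```

Hosts that the script lists are the ones to take through the disconnect and reconnect procedure below.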

How to Disconnect Your Managed ESXi Host

    • Procedure

    • Navigate to Home > Hosts and Clusters and select a host.

    • Right-click the host and select Connection > Disconnect from the pop-up menu.

    • In the confirmation dialog box that appears, click OK.

      If the managed host is disconnected, the word “disconnected” is appended to the object name in parentheses, and the object is dimmed. All associated virtual machines are similarly dimmed and labeled.

How to Reconnect Your Managed ESXi Host

    • Procedure

    • Navigate to Home > Hosts and Clusters and select a host.

    • Right-click the host and select Connection > Connect from the pop-up menu.

    • When the managed host’s connection status to the vCenter Server is changed, the statuses of the virtual machines on that managed host are updated to reflect the change.