Running the PowerCLI cmdlet Open-VMConsoleWindow for encrypted or vTPM-enabled virtual machines to launch the VM console results in the following error:

PS C:\Windows\system32> Open-VMConsoleWindow "vmname"
Open-VMConsoleWindow : Permission to perform this operation was denied.
At line:1 char:1
+ Open-VMConsoleWindow "vmname"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Open-VMConsoleWindow], VimException
    + FullyQualifiedErrorId : VMware.Vim.VimException,VMware.VimAutomation.ViCore.Cmdlets.Commands.OpenVMConsoleWindow

The following error message is observed in the vpxd logs:

error vpxd[06793] [Originator@6876 sub=Default opID=61ef7cd2] [VpxLRO] -- ERROR lro-7410345 -- 5299ea01-ab18-f106-0e8e-1ecd3bedbf06(52a54140-359d-bb3f-aeb3-628fabc48412) -- vm-id-- vim.VirtualMachine.acquireTicket: :vim.fault.NoPermission
--> Result:
--> (vim.fault.NoPermission) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> object = 'vim.VirtualMachine:f770e0f4-e692-4926-890f-69440d1826cd:vm-id',
--> privilegeId = "Cryptographer.Access",
--> missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) [
--> (vim.fault.NoPermission.EntityPrivileges) {
--> entity = 'vim.VirtualMachine:f770e0f4-e692-4926-890f-69440d1826cd:vm-id',
--> privilegeIds = (string) [
--> "Cryptographer.Access"
--> ]
--> }
--> ]
--> msg = ""
--> }
--> Args:
-->
--> Arg ticketType:
--> "webmks"

VMware vCenter Server 7

VMware vCenter Server 8

VMware ESXi Server 7

VMware ESXi Server 8

VMware PowerCLI

To resolve this issue, Cryptographer.Access privilege must be added to Virtual Machine Console User role, as demonstrated below.