ESXi host Encryption Mode - Rekey an ESXi to use new Default Key Provider
Article ID: 384267
Products
VMware vSphere ESXi
VMware vSphere ESXi 7.0
VMware vCenter Server 7.0
Issue/Introduction
After changing the default Key Provider from a Standard Key Provider to a Native Key Provider, the option to enable encryption on an ESXi host is greyed out in the host's configuration view in the vCenter UI.
If the old KMS server is powered off, an error similar to the following is shown when trying to enable encryption from the host's Summary tab:
"A general runtime error occurred. Key ##################/KMS-Name not found"
Encryption Mode for the ESXi host shows as Disabled and cannot be enabled through the vCenter UI.
Environment
vCenter Server 7.0
vSphere ESXi 7.0
Cause
References to the old Key Provider are still present on the host, so enabling encryption for the ESXi host through the vCenter UI, which would make it use the new Default Key Provider, does not complete successfully.
Resolution
Apply the steps below through the Managed Object Browser (MOB) at https://vcenter-fqdn/mob
NOTE: Ensure the ESXi host is not in Maintenance Mode.
Once logged in as the SSO administrator, follow the steps below:
1. Select content > group-d1 > the datacenter name > the affected ESXi host
2. Navigate to the ConfigureCryptoKey method and enter the Default Key Provider name as shown in the vCenter UI
Example below; the Key Provider name is entered in the highlighted field of the parameter form:
3. Click Invoke Method
4. Return to the vCenter UI for the affected ESXi host and confirm that Encryption Mode can now be enabled
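The same rekey can be done programmatically instead of through the MOB form. The script below is an added example, not part of this KB article or of VMware's tooling; it assumes pyVmomi is installed and that the HostSystem.ConfigureCryptoKey API is available (vSphere 6.5 and later). The vCenter address, host name, provider name and credentials are placeholders. Mirroring step 2 above, it names only the Key Provider in the CryptoKeyId and leaves the key id empty; the XML layout produced by `mob_crypto_key_id_xml` is how the MOB normally renders a CryptoKeyId parameter and is an assumption, as is the `parse_key_not_found` helper's reading of the quoted error message.

```python
"""Rekey an ESXi host to the vCenter default key provider via the vSphere API.

Added example (not part of the KB article). Assumes pyVmomi is installed and
that HostSystem.ConfigureCryptoKey is available (vSphere 6.5 and later).
vCenter address, host name, provider name and credentials are placeholders.
"""
import argparse
import getpass
import re
import ssl
from xml.sax.saxutils import escape

# Shape of the runtime error quoted in the KB: "Key <keyId>/<providerName> not found"
_KEY_NOT_FOUND = re.compile(r"Key (?P<key_id>[^/\s]+)/(?P<provider>\S+) not found")


def parse_key_not_found(message):
    """Return the stale key id and provider name from the error text, or None."""
    m = _KEY_NOT_FOUND.search(message)
    if m is None:
        return None
    return {"key_id": m.group("key_id"), "provider": m.group("provider")}


def mob_crypto_key_id_xml(provider_name, key_id=""):
    """Build the CryptoKeyId parameter body for the MOB's ConfigureCryptoKey form.

    Assumption: the MOB renders the parameter as the XML below. As in the KB,
    only the provider id is filled in and the key id is left empty.
    """
    return (
        "<keyId>\n"
        f"   <keyId>{escape(key_id)}</keyId>\n"
        "   <providerId>\n"
        f"      <id>{escape(provider_name)}</id>\n"
        "   </providerId>\n"
        "</keyId>"
    )


def find_host(content, host_name):
    """Locate a HostSystem by name with a container view over the inventory."""
    from pyVmomi import vim  # imported lazily so the pure helpers above run without pyVmomi

    view = content.viewManager.CreateContainerView(content.rootFolder, [vim.HostSystem], True)
    try:
        return next(h for h in view.view if h.name == host_name)
    except StopIteration:
        raise LookupError(f"host {host_name!r} not found in inventory") from None
    finally:
        view.Destroy()


def rekey_host(si, host_name, provider_name):
    """Point the host at the new default key provider and return its cryptoState.

    Programmatic equivalent of the KB's MOB steps: HostSystem.ConfigureCryptoKey
    with a CryptoKeyId whose providerId names the new key provider.
    """
    from pyVmomi import vim

    host = find_host(si.RetrieveContent(), host_name)
    # The KB requires the host not to be in Maintenance Mode.
    if host.runtime.inMaintenanceMode:
        raise RuntimeError(f"{host_name} is in Maintenance Mode; exit it before rekeying")
    crypto_key = vim.encryption.CryptoKeyId(
        keyId="",  # left empty as in the KB form; only the provider is named (assumption)
        providerId=vim.encryption.KeyProviderId(id=provider_name),
    )
    host.ConfigureCryptoKey(keyId=crypto_key)
    # cryptoState is one of: incapable, prepared, safe, pendingIncapable
    return host.runtime.cryptoState


def main():
    parser = argparse.ArgumentParser(description="Rekey an ESXi host to a key provider")
    parser.add_argument("--vcenter", required=True, help="vCenter FQDN (placeholder)")
    parser.add_argument("--user", default="administrator@vsphere.local")
    parser.add_argument("--host", required=True, help="ESXi host name as shown in inventory")
    parser.add_argument("--provider", required=True, help="Default Key Provider name")
    parser.add_argument("--insecure", action="store_true", help="skip TLS verification (lab only)")
    args = parser.parse_args()

    from pyVim.connect import SmartConnect, Disconnect

    ctx = ssl._create_unverified_context() if args.insecure else ssl.create_default_context()
    si = SmartConnect(host=args.vcenter, user=args.user, pwd=getpass.getpass(), sslContext=ctx)
    try:
        print("cryptoState after rekey:", rekey_host(si, args.host, args.provider))
    finally:
        Disconnect(si)


if __name__ == "__main__":
    main()
```

Run it as `python rekey_host.py --vcenter vcenter-fqdn --host esxi01.example.invalid --provider NKP-Default` and then confirm in the vCenter UI, as in step 4, that Encryption Mode can be enabled. If vCenter rejects the empty key id, a key for the new provider can first be created with CryptoManagerKmip.GenerateKey and its id placed in `keyId`; the `cryptoState` returned after the call is the quickest check that the host now reports a usable key.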