Creating a Windows 11 VM in vCenter fails with error: "Microsoft Windows 11 requires a Virtual TPM device, which cannot be added to this virtual machine..."

Article ID: 396090

Products

VMware vCenter Server

Issue/Introduction

When attempting to create a Windows 11 VM on vCenter, an error is encountered stating:

"Microsoft Windows 11 (64-bit) requires a Virtual TPM device, which cannot be added to this virtual machine because the vSphere environment is not configured with a key provider."

or,

"Microsoft Windows 11 requires a Virtual TPM device, which cannot be added to this virtual machine because the vSphere environment is not configured with a key provider."

Environment

  • VMware vCenter Server 8.0.3
  • VMware vSphere ESXi 8.0.3

Cause

When deploying Windows 11 virtual machines (VMs) in VMware vSphere, a Virtual Trusted Platform Module (vTPM) is a mandatory requirement. vTPM provides enhanced security by allowing guest operating systems to store sensitive cryptographic information, such as encryption keys.

Resolution

  1. Create a native key provider (see vSphere Native Key Provider Overview)
  2. Ensure that the native key provider is configured to apply to the hosts
  3. Disable the option "Use key provider only with TPM-protected ESXi hosts" if the hosts do not have a physical TPM 2.0 installed
  4. Back up the native key provider to activate it
  5. Ensure that the native key provider is marked as the default key provider