Creating a Windows 11 VM in vCenter fails with error: "Microsoft Windows 11 requires a Virtual TPM device, which cannot be added to this virtual machine..."


Article ID: 396090


Products

VMware vCenter Server

Issue/Introduction

Creating a Windows 11 VM in vCenter fails with one of the following errors:

"Microsoft Windows 11 (64-bit) requires a Virtual TPM device, which cannot be added to this virtual machine because the vSphere environment is not configured with a key provider."

or,

"Microsoft Windows 11 requires a Virtual TPM device, which cannot be added to this virtual machine because the vSphere environment is not configured with a key provider."

When deploying Windows 11 virtual machines (VMs) in VMware vSphere, a Virtual Trusted Platform Module (vTPM) is a mandatory requirement. vTPM provides enhanced security by allowing guest operating systems to store sensitive cryptographic information, such as encryption keys.

Environment

  • VMware vCenter Server 8.0.3
  • VMware vSphere ESXi 8.0.3

Cause

Windows 11 virtual machines (VMs) in VMware vSphere require a Virtual Trusted Platform Module (vTPM). vSphere cannot add a vTPM to a VM until a key provider is configured, and no key provider is configured in this environment, which is what the error message reports. vTPM provides enhanced security by allowing guest operating systems to store sensitive cryptographic information, such as encryption keys.

Resolution

Step 1: Configure a Native Key Provider (NKP) (see vSphere Native Key Provider Overview)

  1. Log in to the vSphere Client.
  2. Navigate to vCenter Server > Configure > Security > Key Providers.
  3. Click Add > Add Native Key Provider.
  4. Enter a Name for the provider.
  5. If physical ESXi hosts do not contain hardware TPM 2.0 chips, uncheck Use key provider only with TPM-protected ESXi hosts.
  6. Select the new provider and click Back Up.
  7. Download and securely store the .p12 backup file. The Key Provider transitions to Active only after this backup is complete.

Step 2: Add vTPM to the Virtual Machine (see Create a Virtual Machine with a Virtual Trusted Platform Module)

  1. Initiate the New Virtual Machine workflow or edit settings of a powered-off VM.
  2. In the Customize Hardware step, select Add New Device > Trusted Platform Module.
  3. Navigate to VM Options > Boot Options.
  4. Set Firmware to EFI and ensure Secure Boot is enabled.
  5. Complete the VM creation and proceed with the Windows 11 installation.
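
To confirm afterwards that a VM carries the Step 2 settings, the following added example (not part of the original article and not VMware tooling) checks the text of a VM's .vmx file. The keys firmware, uefi.secureBoot.enabled and vtpm.present and both sample files are assumptions that do not come from this article.

```python
import re

# Constructed sample .vmx fragments (not taken from the article).
SAMPLE_READY = '''\
.encoding = "UTF-8"
guestOS = "windows11-64"
firmware = "efi"
uefi.secureBoot.enabled = "TRUE"
vtpm.present = "TRUE"
'''

SAMPLE_NOT_READY = '''\
guestOS = "windows11-64"
# constructed case: no firmware line, so the VM boots with BIOS
uefi.secureBoot.enabled = "FALSE"
'''

# Matches: key = "value"; lines starting with '#' are skipped.
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def win11_gaps(text):
    """List the Step 2 settings that the given .vmx text does not satisfy."""
    cfg = parse_vmx(text)
    gaps = []
    # A missing firmware key means the VM uses BIOS, not EFI.
    if cfg.get("firmware", "bios").lower() != "efi":
        gaps.append("Firmware is not EFI")
    if cfg.get("uefi.secureboot.enabled", "FALSE").upper() != "TRUE":
        gaps.append("Secure Boot is not enabled")
    if cfg.get("vtpm.present", "FALSE").upper() != "TRUE":
        gaps.append("No Trusted Platform Module device")
    return gaps


if __name__ == "__main__":
    for name, text in (("ready", SAMPLE_READY), ("not ready", SAMPLE_NOT_READY)):
        print(name, "->", win11_gaps(text) or "all Step 2 settings present")
```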