Key Management Server Setup Stuck or Fails at "Make KMS Trust vCenter"

Article ID: 398725

Products

VMware SDDC Manager

Issue/Introduction

  • While configuring a KMS server in your Key Provider setup to enable encryption, the process halts at the "Client trusts server" step, preventing the connection between the KMS server and the vCenter Server from completing.
  • An example is shown below (timestamps may vary).

  • The vpxd logs in the vCenter Server indicate a communication failure between the vCenter and the Key Management Server (KMS).

/var/log/vmware/vpxd/vpxd.log

[YYYY-MM-DDTHH:MM:SS] error vpxd[06705] [Originator@6876 sub=CryptoManagerKmipWrapper opID=0c758659-4e] Failed to connect to key server <KMS_Server_IP>:5696 - Err:QLC_ERR_COMMUNICATE Rx response
-->
[YYYY-MM-DDTHH:MM:SS] warning vpxd[06705] [Originator@6876 sub=Default opID=0c758659-4e] Failed to get key <Key_ID> state on key provider <Key_Name>, error 2:
--> Reason:
--> Failed to get key <Key_ID>  state on KMS <KMS_Server_IP>: QLC_ERR_COMMUNICATE;
--> Failed to get key <Key_ID>  state on KMS <KMS_Server_IP>: QLC_ERR_COMMUNICATE;

  • QLC_ERR_COMMUNICATE in the logs suggests that vCenter is unable to successfully establish or complete a connection with the KMS.
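
To confirm this log signature before contacting the KMS vendor, the following added example (not from this article or from VMware) groups vpxd.log entries with their "-->" continuation lines and counts communication failures per KMS host. The sample lines, IP address, key ID and provider name are constructed, and the regular expressions assume the entry layout quoted above.

```python
import re
from collections import Counter

# Entry header in the layout quoted above; timestamp brackets are optional.
ENTRY = re.compile(
    r"^\[?(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z?)\]?\s+(?P<level>\w+)\s+vpxd\[\d+\]\s+"
    r"\[Originator@\d+ sub=(?P<sub>\S+)(?: opID=(?P<opid>[^\]\s]+))?\]\s+(?P<msg>.*)$"
)
CONNECT = re.compile(r"Failed to connect to key server (?P<host>\S+):(?P<port>\d+) - Err:(?P<err>\w+)")
KEY_STATE = re.compile(r"Failed to get key (?P<key>\S+)\s+state on KMS (?P<host>[^:\s]+): (?P<err>\w+)")

# Constructed sample input (values are placeholders, not from a real system).
SAMPLE = """\
[2025-01-15T10:02:11] error vpxd[06705] [Originator@6876 sub=CryptoManagerKmipWrapper opID=0c758659-4e] Failed to connect to key server 192.0.2.10:5696 - Err:QLC_ERR_COMMUNICATE Rx response
-->
[2025-01-15T10:02:11] warning vpxd[06705] [Originator@6876 sub=Default opID=0c758659-4e] Failed to get key key-0001 state on key provider provider-a, error 2:
--> Reason:
--> Failed to get key key-0001  state on KMS 192.0.2.10: QLC_ERR_COMMUNICATE;
--> Failed to get key key-0001  state on KMS 192.0.2.10: QLC_ERR_COMMUNICATE;
[2025-01-15T10:02:12] info vpxd[06705] [Originator@6876 sub=vpxLro opID=aaaa] unrelated entry
""".splitlines()

def parse_entries(lines):
    """Attach each '-->' continuation line to the entry header before it."""
    entries = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = ENTRY.match(line)
        if m:
            entries.append({**m.groupdict(), "detail": []})
        elif line.startswith("-->") and entries:
            entries[-1]["detail"].append(line[3:].strip())
    return entries

def kms_failures(lines):
    """One record per KMS failure line, carrying the entry's timestamp and opID."""
    out = []
    for e in parse_entries(lines):
        for text in [e["msg"], *e["detail"]]:
            m = CONNECT.search(text) or KEY_STATE.search(text)
            if m:
                out.append({"ts": e["ts"], "opid": e["opid"], "host": m["host"],
                            "port": m.groupdict().get("port"), "err": m["err"]})
    return out

def summarize(failures):
    # Count failures per (KMS host, error code) to see which endpoint is affected.
    return Counter((f["host"], f["err"]) for f in failures)
```

Passing an open handle on /var/log/vmware/vpxd/vpxd.log to kms_failures() gives the same records for a live system; the opID ties each failure back to the Key Provider operation that triggered it.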

Environment

  • vCenter Server 7.x 
  • vCenter Server 8.x

Cause

  • The KMS is unable to establish a trusted connection with vCenter, likely due to certificate trust issues or missing CA configuration.

Resolution

  • Reach out to your KMS vendor for further investigation, as trust-related failures are typically logged more accurately on the KMS system.