When performing an in-place upgrade from Windows 10 to Windows 11 on virtual machines (VMs) hosted on VMware ESXi, the upgrade may fail due to Trusted Platform Module (TPM) compatibility issues. Windows 11 requires a TPM 2.0, which may not be configured by default in vSphere VMs, resulting in an error during the upgrade process.
VMware vSphere 7.x
VMware vSphere 8.x
Virtual Machine with Windows 11
The Windows 10 to Windows 11 upgrade fails because the virtual machine (VM) is missing a virtual Trusted Platform Module (vTPM), which is required for Windows 11. To use a vTPM in vSphere, you need a Key Management Server (KMS) or vSphere Native Key Provider set up, which may not be configured in your environment.
To resolve the TPM compatibility issue and enable the Windows 10 to Windows 11 in-place upgrade, configure a vSphere Native Key Provider on the vCenter Server and add a vTPM to the affected VMs. Follow these steps:
Prerequisites:
vTPM is supported in vSphere 7.0 Update 2 and later, see vSphere Native Key Provider Overview
Confirm the VM’s hardware version is 14 or higher (required for vTPM).
Configure vSphere Native Key Provider:
Log in to the vSphere Client as an administrator.
Navigate to vCenter > Configure > Key Providers.
Add a Native Key Provider:
Select Add Native Key Provider.
Enter a name (e.g., NativeKeyProvider) and generate a key.
Back up the key as prompted (store securely).
For detailed instructions, refer to the VMware documentation: Configure a vSphere Native Key Provider.
Add a Virtual TPM to the VM:
Click Add New Device > Trusted Platform Module.
Select the configured Native Key Provider and confirm.
Ensure the VM’s guest OS is set to Windows 10 or later (64-bit) and uses EFI boot.
For detailed steps, refer to: Enable Virtual Trusted Platform Module for an Existing Virtual Machine.
In the VM settings, expand the "VM Options" section.
Set the firmware to "EFI".
Check the box for "Secure Boot".
Save the changes.
See Microsoft article: "Ways to install Windows 11"