After ESXi host reboot/power cycle, TPM attestation fails in vCenter with "Internal Failure"
Article ID: 410120
Updated On:
Products
Issue/Introduction
The host shows below error after host reboot/power cycle even if the configurations are correct.
vpxd.log shows that the host starting attestation as expected and then suddenly it fails with host communication:
YYYY-MM-DDTHH:MM:SS info vpxd[05972] [Originator@6876 sub=Attestation opID=##-####-######@##-########-#########-#######] Starting host attestation; [vim.HostSystem:host-######,host.domain]
YYYY-MM-DDTHH:MM:SS warning vpxd[05972] [Originator@6876 sub=Attestation opID=##-####-######@##-########-#########-#######] Failed to update integrity report; [vim.HostSystem:host-######,host.domain], N5Vmomi5Fault17HostCommunication9ExceptionE(Fault cause: vmodl.fault.HostCommunicationEnvironment
VMware vSphere ESXi 6.5
VMware vSphere ESXi 6.7
VMware vSphere ESXi 7.0
VMware vSphere ESXi 8.0
Cause
Due to the abrupt nature of the reboot/power cycle, an asynchronous tcp connection may not be closed correctly between the host and vCenter.
vCenter will then try to reconnect before the power cycle is finished resulting in fail TPM attestation.
Resolution
Engineering is aware of the issue and working on a fix for version 9.
Currently the only workaround is to restart a synchronization with the host to restart TPM attestation
1. Disconnect and Reconnect the host to vCenter:
- In the vSphere Client, right-click on the affected host.
- Select "Disconnect".
- Wait for the host to disconnect fully.
- Right-click on the host again and select "Connect".
- Wait for the host to reconnect and rescan.
OR
2. restart vpxa on the host :
/etc/init.d/vpxa restart
Additional Information
Check for network congestion between the host and vCenter: ESXi host disconnects intermittently from vCenter Server
Feedback
