Rebuild a failed ESX host in VCF

search cancel

Rebuild a failed ESX host in VCF

book

Article ID: 411583

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

Hardware failure requires replacement of physical component (e.g., motherboard).

TPM enabled on ESX host.
Replacing the motherboard causes ESX to boot to purple screen with error "Unable to restore the system configuration. A security violation was detected...".

Cause

TPM recovery key was not recorded prior to hardware replacement.

Unable to complete steps from KB referenced at bottom of purple boot screen (ESXi boot failures due to system configuration issues - restore security configuration, decrypt system configuration, recover system configuration) due to this, as it requires the encryption recovery key.

Resolution

Perform the following steps to properly remove the host from the environment (decommission) and then add it back to the environment (commission).

VCF 5.2 - Decommission Host
Re-install matching ESX build on failed host and configure appropriately.
Re-commission host in SDDC.

Additional Information

To try and avoid the need to perform these steps in the future due to TPM encryption, prior to performing any hardware replacement for a host, please follow the steps in the below linked article to retrieve and store the TPM encryption recovery key.

"TPM Encryption Recovery Key Backup" warning alarm present in host summary page

Feedback

thumb_up Yes

thumb_down No