Alarm Host Requires Encryption Mode Enabled, when Encryption Mode is enabled

Article ID: 411603

Products

VMware vCenter Server

Issue/Introduction

  • vCenter alarm reporting "Host Requires Encryption Mode Enabled" for one or more specific hosts.
  • When viewing the "Triggered Alarms" for vCenter, you see the following:
  • Logging into the offending host and running the command <esxcli system settings encryption get>:
    • All hosts in the cluster should have the same settings shown above.
  • There are no encrypted VMs in the cluster. 
  • Windows 11 testing may have been occurring on the affected host/cluster.
  • Only Native Key Encryption is being used. 
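
The consistency check described above (every host in the cluster should return the same `esxcli system settings encryption get` settings) can be automated once each host's output has been collected. The following is an added example, not part of the original article or VMware tooling; the host names and the sample output text are constructed for illustration.

```python
from collections import Counter

# Constructed sample output of `esxcli system settings encryption get`,
# keyed by hypothetical host names. Replace with text captured from your hosts.
SAMPLE_OUTPUTS = {
    "esx01.example.test": """
   Mode: TPM
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: true
""",
    "esx02.example.test": """
   Mode: TPM
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: true
""",
    "esx03.example.test": """
   Mode: NONE
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: false
""",
}

def parse_settings(text):
    """Parse 'Key: Value' lines into a dict; values are lower-cased."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            settings[key.strip()] = value.strip().lower()
    return settings

def find_drift(outputs):
    """Return {host: {setting: (host_value, majority_value)}} for deviating hosts."""
    parsed = {host: parse_settings(text) for host, text in outputs.items()}
    drift = {}
    for key in sorted({k for s in parsed.values() for k in s}):
        counts = Counter(s.get(key, "<missing>") for s in parsed.values())
        majority = counts.most_common(1)[0][0]
        for host, s in parsed.items():
            got = s.get(key, "<missing>")
            if got != majority:
                drift.setdefault(host, {})[key] = (got, majority)
    return drift

if __name__ == "__main__":
    for host, diffs in sorted(find_drift(SAMPLE_OUTPUTS).items()):
        for key, (got, want) in diffs.items():
            print(f"{host}: {key} = {got!r}, cluster majority = {want!r}")
```

A host listed in the result differs from the majority of the cluster and is the one to compare against the alarm.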

Environment

VMware vSphere 8.x

Cause

  • vCenter holds stale task data with respect to which encryption key the host is using. 
  • Windows 11 requires that vTPMs be used, which in turn would cause host encryption to be enabled.

Resolution

  • Use KB 311922 to confirm the host is using the correct Key Provider.
  • If the alarm is not resolved, make sure the host is in maintenance mode (MM) and move the host out of the cluster.
    • Verify the alarm state. Try to reset the alarm to green and monitor to see whether the alarm returns.
  • If the alarm returns or is not cleared, perform a vCenter reboot to clear the stale task data.
    OR
  • Disconnect the offending host from vCenter and remove it from the vCenter (VC) inventory. This will remove all records of this host's MOID from the VC DB.