Restore VM using PPDM fails with "Cannot apply encryption policy. You must set the default key provider"

Article ID: 411903

Products

VMware vSphere ESXi

Issue/Introduction

Unable to restore a VM with the Native Key Provider enabled to a different vCenter.

Environment

vCenter Server 7.x

vCenter Server 8.x

Cause

The key ID and provider information are not pushed to the vCenter database. The key provider is not set as the default.

Resolution

1. Back up and restore the key providers from the source vCenter to the destination vCenter.

Restore a vSphere Native Key Provider Using the vSphere Client

2. Set the key provider as the default on the destination vCenter.

3. Validate the vCenter database with the commands below to check whether the key ID has been updated in the database from the source vCenter to the destination vCenter.

Connect to the database:

    psql -U postgres -d VCDB -h localhost

Run the following query:

    select id, dns_name, crypto_state, crypto_key_id, crypto_key_provider_id, crypto_enable from vpx_host where dns_name like '%<esxi-host-fqdn>%';
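
One way to check the rows returned by the query above, as an added example that is not part of the original article: the hypothetical helper `check_vpx_host_crypto` reads the rows in psql's unaligned output format and reports hosts whose `crypto_key_id` or `crypto_key_provider_id` is empty, the condition named under Cause. The sample rows and their values are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag vpx_host rows whose key ID or key provider ID is empty.
# Input: rows as printed by psql with -A -t -F '|' (unaligned, tuples only),
# with the columns in the order of the article's SELECT:
#   id|dns_name|crypto_state|crypto_key_id|crypto_key_provider_id|crypto_enable
# psql prints NULL as an empty field by default, so NULL and '' both match.

# Hypothetical helper: prints one line per host with a missing value.
# Returns 1 if any value is missing or if no rows were read at all, else 0.
check_vpx_host_crypto() {
    awk -F'|' '
        NF < 6 { next }                 # skip blank or malformed lines
        { rows++ }
        $4 == "" || $5 == "" {
            missing++
            printf "MISSING host=%s key_id=[%s] provider_id=[%s]\n", $2, $4, $5
        }
        END {
            if (rows == 0) { print "NO ROWS matched the host filter"; exit 1 }
            exit (missing > 0)
        }'
}

# Constructed sample rows (not from a real vCenter; all values are placeholders).
sample_rows() {
    cat <<'EOF'
11|esx01.example.test|state-a|key-0001|provider-A|1
12|esx02.example.test|state-a||provider-A|1
13|esx03.example.test|state-b|||0
EOF
}

# On the destination vCenter, the real input would come from the query above:
#   psql -U postgres -d VCDB -h localhost -A -t -F '|' \
#        -c "<query from step 3>" | check_vpx_host_crypto

# Demonstration on the constructed rows; flags esx02 and esx03.
sample_rows | check_vpx_host_crypto || true
```
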