Virtual machine encrypt option is grayed out.
search cancel

Virtual machine encrypt option is grayed out.

book

Article ID: 413450

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Following error message is observed when VM encryption policy is selected: Some of the data services referenced by the rule-set are currently unavailable. Rules based on them cannot be displayed.

  • The host-based services option (As highlighted in red) is unavailable when attempting to edit the VM storage policy in vCenter:  

Menu > Policies and Profiles > VM Storage Policies > Edit VM encryption policy.

  • Host Based Services becomes available in storage policy wizard when at least one I/O filter is installed and registered but I/O filters are missing in vCenter under Configure > Storage Provider

Environment

  • VMware vCenter Server appliance 8.x 

Cause

  • TCP port 9080 which is required for I/O filter communication was blocked by the firewall, resulting in I/O filter missing which is critical for enabling VM encryption.

Resolution

  • Ensure that the IO Filter provider URLs can be reached from the vCenter, by running wget against them : wget https://esxhost.fqdn.local:9080/version.xml

Expected Output :

--YYYY-MM-DD hh:mm:ss--  https://esxhost.fqdn.local:9080/version.xml
Resolving esxhost.fqdn.local.. ###.###.###.###
Connecting to esxihost.fqdn.local|###.###.###.###|:9080... connected.
HTTP request sent, awaiting response... 200 OK
Length: 188 [text/xml]
Saving to: ‘version.xml’

version.xml                               100%[===================================================================================>]     188  --.-KB/s    in 0s

YYYY-MM-DD dd-hh-ss (10.7 MB/s) - ‘version.xml’ saved [188/188]

  • Open the 9080 TCP port from vCenter to ESXi host if the port is blocked.

  • Encrypt the virtual machine once the port has been opened.
Powered by Wolken Software