Compatibility error during vMotion of a vTPM-enabled virtual machine caused by insufficient user privileges

search cancel

Compatibility error during vMotion of a vTPM-enabled virtual machine caused by insufficient user privileges

book

Article ID: 414241

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

A compatibility check error occurs when attempting vMotion on a vTPM-enabled virtual machine during a cross-vCenter migration.Error: A general runtime error occurred. Session does not have Cryptographer.RegisterHost privilege

Cause

The issue occurred because the destination ESXi host was not in Safe Mode, and the user lacks the "Cryptographic operations > Register Host" privilege.

Resolution

The following privileges are required to migrate or clone an encrypted virtual machine across vCenter instances:

For Migration: Cryptographic operations > Migrate on the virtual machine
For Cloning: Cryptographic operations > Clone on the virtual machine

Additionally, the destination vCenter Server must have the Cryptographic operations > Encrypt New privilege. If the destination ESXi host is not in Safe Mode, the Cryptographic operations > Register Host privilege is also required on the destination vCenter Server.

Safe Mode:
When host encryption mode is enabled, vCenter Server installs a host key on the ESXi host, ensuring that the host is cryptographically safe.

To resolve the issue, Grant the user the Cryptographic operations > Register Host privilege to enable vMotion on the encrypted VM. Follow: Using vCenter Server Roles to Assign Privileges

Additional Information

Migrating or Cloning Encrypted Virtual Machines Across vCenter Server Instances

Feedback

thumb_up Yes

thumb_down No