Encrypted VM migration warning during HCX bulk migration
Article ID: 414786
Updated On:
Products
VMware HCX
Issue/Introduction
- During HCX bulk migration of encrypted virtual machines, the following warning or error message is displayed:
Virtual machine <VM name> is encrypted. Use an Encryption Storage Policy to migrate. Migrate <VM name> to a vCenter Server configured with the source encryption provider.
Environment
VMware HCX
Cause
The issue occurs due to incomplete or mismatched encryption configurations between the source and target environments, such as:
-
KMS/NKP not configured on the target site.
-
KMS name or IP mismatch between sites.
-
NKP configuration not exported/imported.
-
Unsupported vSphere version (KMS: 6.7+, NKP: 7.0 U2c+).
-
Missing or inactive HBR agent.
-
Missing secure listener or firewall rule for port 32032.
Resolution
- Configure the same KMS/NKP on both source and target sites.
- Verify KMS names/IPs match and NKP configuration is imported.
- Ensure environments meet the minimum vSphere version requirements.
- Install and start the HBR agent on source ESXi hosts.
- Allow port 32032 in firewall and select an Encryption Storage Policy during migration.
Additional Information
Feedback
Yes
No
Powered by
