Data-At-Rest encryption can't be enabled, it fails with the error "Key provider is not available on host"

Article ID: 420417

Products

VMware vSAN VMware vSAN 8.x

Issue/Introduction

Enabling Data-At-Rest encryption on a 9.x vSAN ESA cluster with a Native Key Provider fails with the error "Key provider is not available on host."



Environment

VMware vSAN 9.x ESA 
Native Key Provider

Cause

Host Encryption Mode was not enabled on the vSAN hosts.

Attempts to enable Host Encryption Mode failed because the TPM device was missing from the host.


Resolution

  • Add a new Native Key Provider with the checkbox "Use key provider only with TPM protected ESXi hosts" unchecked.
  • Once the new key provider is created, select it when enabling vSAN Data-At-Rest encryption.

Additional Information

For additional questions and answers about NKPs, see vSphere Native Key Provider (NKP) Questions & Answers.

Troubleshooting vSAN Encryption