Cannot re-install ESXi after changing motherboard and trusted platform module (TPM)
search cancel

Cannot re-install ESXi after changing motherboard and trusted platform module (TPM)

book

Article ID: 423302

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

The ESXi host displays the following error when attempting to re-install ESXi after a hardware failure. 


Error(s)/Warning(s) Found During System Scan
The system encountered the following error(s). 
Error(s)
<SHA1_CERT ERROR: Failed to validate signature type of host certificates: Command crypto-util ++coreDumpEnabled=false,mem=20
          envelope extract --aad ESXConfiguration
     /tmp/tmpptwytllo/local.tgz.ve /tmp/tmpptwytllo/local.tgz exited with code 1>

Environment

ESXi 8.x
ESX 9.x

Cause

The Trusted Platform Module on the ESXi host was replaced and the wrong option was selected during the install process. 
Upgrade ESXi and preserve VMFS datastore were selected. 

ESXi and VMS Found
The selected storage device contains an installation of ESXi and a VMFS datastore. Choose from the following option(s).

( ) Upgrade ESXi, preserve VMFS datastore
( ) Install ESXi, preserve VMFS datastore
( ) Install ESXi, overwrite VMFS datastore

  Use the arrow keys and spacebar to select an option

Resolution

The error indicates that the ESXi configuration and settings are not accessible. 
The ESXi host TPM recovery key is needed for recovery. 

See the following KB for guidance on recovering from a ESXi host failure and TPM replacement with a TPM recovery key: ESXi boot failures due to system configuration issues - restore security configuration, decrypt system configuration, recover system configuration

If the TPM recovery key is not available, a full reinstall of ESXi will be necessary, which will be either of the 2 "Install ESXi" options in the image above. 

Additional Information

Enable TPM on ESXi

Securing ESX Hosts with Trusted Platform Module

Powered by Wolken Software