ESXi PSOD: "Unable to restore the system configuration. A security violation was detected" after reinstallation
Article ID: 428266
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
- After performing a reinstallation or upgrade of ESXi, the host fails to boot into the hypervisor and triggers a Purple Screen of Death (PSOD) with the following error message:
The system has found a problem on your machine and cannot continue.Unable to restore the system configuration. A security violation was detected. https://knowledge.broadcom.com/external/article/312109
- The error persists even after:
- Reinstalling the ESXi.
- Toggling Secure Boot (Enable/Disable) in the BIOS.
- Toggling the TPM (Trusted Platform Module) status.
- Attempting "Recover Options" from the boot menu.
Environment
- VMware vSphere ESXi 9.x
- VMware vSphere ESXi 8.x
Cause
- This issue typically occurs when the TPM contains stale or mismatched encryption metadata/keys from a previous installation.
- Even if the ESXi software is reinstalled, the Secure Boot process detects a discrepancy between the new system configuration and the persisted keys stored in the hardware TPM cache. Because ESXi 8.x and above strictly enforces the integrity of the system configuration when a TPM is present, it halts the boot process to prevent a potential security breach.
Resolution
- To resolve this issue, perform a hardware-level clear of the TPM reaching out to respective hardware vendor and reinstall ESXi.
- If this still fails with the same error, capture the serial logs referring to the KB - Enabling serial-line logging for ESXi and reach out to Broadcom Support.
- Simultaneously, contact hardware vendor to investigate the hardware possibly due to some of the issues below may have occurred
(Note: This is not an all inclusive list but list of a few possible causes.)- The TPM chip is broken/data is corrupted, hence writing to memory fails.
- TPM chip seating problem
- System broad issues
Feedback
Yes
No
Powered by
