Unable to deploy new Windows 11 VMs from vCenter. Deployment fails with alert "Permission to perform this operation was denied. You do not hold privileges "HostSystem.text 46: [Cryptographic operations > Register host]""

Article ID: 440276

Products

VMware vCenter Server

VMware vSphere ESXi

Issue/Introduction

  • The deployment of Windows 11 virtual machines (VMs) fails in VMware vCenter Server 8.0 Update 3. The operation generates the following permission error during the VM creation or registration phase:

    Permission to perform this operation was denied. You do not hold privileges "HostSystem.text 46: [Cryptographic operations > Register host]"

This issue prevents the successful deployment of modern operating systems that explicitly require Virtual Trusted Platform Module (vTPM) functionality.

Environment

VMware vCenter Server

VMware vSphere ESXi

Cause

The operation fails due to a lack of mandatory cryptographic privileges assigned to the user or group executing the task. Windows 11 requires a Virtual Trusted Platform Module (vTPM). The creation, registration, or encryption of a VM utilizing a vTPM requires the Cryptographic operations > Register host privilege at the Host System level, alongside standard virtual machine configuration rights.

Resolution

Assign the following minimum cryptographic privileges to the affected user's role at the vCenter Server or ESXi Host level to support Windows 11 vTPM creation:

  • Log in to the vSphere Client as an Administrator.

  • Navigate to Administration > Roles.

  • Select the role assigned to the affected user and click Edit.

  • Navigate through the privilege tree and grant the following permissions:

    • Cryptographic operations > Register Host
    • Cryptographic operations > Register VM
    • Cryptographic operations > Encrypt new
    • Virtual machine > Configuration > Add or remove device

  • Save the modified role.

  • Retry the Windows 11 VM creation workflow.
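The same role change can be audited and applied from VMware PowerCLI. The script below is an added example, not part of the original article: it reports which of the four privileges a role lacks and grants only those when run with -Apply. The parameter names and the mapping from the UI privilege names to vSphere privilege IDs are assumptions of this example.

```powershell
# Added example: audit a custom role for the privileges listed above and add
# only the ones that are missing. Requires the VMware PowerCLI module.
param(
    [Parameter(Mandatory)] [string] $Server,    # vCenter Server FQDN, supplied by the caller
    [Parameter(Mandatory)] [string] $RoleName,  # role assigned to the affected user
    [switch] $Apply                             # without -Apply the script only reports
)

# Privilege IDs (assumed mapping) for the UI names in the Resolution steps.
$required = [ordered]@{
    'Cryptographer.RegisterHost'            = 'Cryptographic operations > Register host'
    'Cryptographer.RegisterVM'              = 'Cryptographic operations > Register VM'
    'Cryptographer.EncryptNew'              = 'Cryptographic operations > Encrypt new'
    'VirtualMachine.Config.AddRemoveDevice' = 'Virtual machine > Configuration > Add or remove device'
}

Connect-VIServer -Server $Server -ErrorAction Stop | Out-Null
try {
    $role = Get-VIRole -Name $RoleName -ErrorAction Stop
    if ($role.IsSystem) {
        throw "Role '$RoleName' is a system role and cannot be edited; clone it first."
    }

    # Compare the role's current privilege IDs against the required set.
    $missing = @($required.Keys | Where-Object { $role.PrivilegeList -notcontains $_ })
    if ($missing.Count -eq 0) {
        Write-Host "Role '$RoleName' already holds all four privileges."
        return
    }
    foreach ($id in $missing) {
        Write-Host ("MISSING  {0,-40} ({1})" -f $id, $required[$id])
    }

    if ($Apply) {
        # Grant only the missing privileges; existing ones are left untouched.
        $privs = Get-VIPrivilege -Id $missing -ErrorAction Stop
        Set-VIRole -Role $role -AddPrivilege $privs -Confirm:$false | Out-Null
        Write-Host "Added $($missing.Count) privilege(s) to '$RoleName'."
    } else {
        Write-Host "Dry run: re-run with -Apply to grant the missing privileges."
    }
}
finally {
    Disconnect-VIServer -Server $Server -Confirm:$false
}
```

Running it without -Apply first gives a record of what the role lacked before the change, which is useful when the role is shared by several users or groups.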

Additional Information

For comprehensive details on vTPM and cryptographic privileges, refer to the following Broadcom TechDocs:

Cryptographic Operations Privileges

Add Virtual Trusted Platform Module to an Existing Virtual Machine

If you need assistance checking the permissions for specific users or groups, see Using the "authz-doctor" tool to identify vCenter permission issues