WilliamLam.com


Quick Tip - Which vCenter Server Key Provider (KMS) is a VM using?

03.27.2025 by William Lam // 3 Comments

vCenter Server requires a Key Management Service (KMS) for enabling VM Encryption, vTPM, or vSAN Encryption. Users have the choice of configuring the embedded Native Key Provider (NKP) built into vCenter Server and/or using an external KMS with the Standard Key Provider (SKP) option.


If you have more than one KMS configured in vCenter Server, you can specify one of the KMS key providers to be your default, which will automatically be used for any KMS-related activities. You can switch which KMS key provider is the default, and you can also specify a particular KMS key provider when using the vSphere API to provision a VM that will leverage VM encryption.

So how do you figure out which KMS key provider a VM is using?

[Read more...]

Categories // Automation, PowerCLI, VCSA, vSphere Tags // KMS, TPM, VM Encryption

Clearing TPM alarms after replacing TPM chip or resetting TPM keys for ESXi

06.07.2023 by William Lam // 13 Comments

If you have a supported Trusted Platform Module (TPM) device that has been installed in your ESXi host after the initial installation and you either replace the TPM chip and/or you reset the TPM keys within the system BIOS, you may find several TPM alarms that are raised within your vCenter Server including:

  • Host TPM attestation alarm
  • TPM Encryption Recovery Key Backup Alarm
  • The new host TPM endorsement key doesn't match the one stored in the DB


I recently had to resolve this in my lab after clearing the TPM keys within the system BIOS (this was for some testing I was doing), but I could not figure out how to get vCenter Server to clear the previous endorsement keys associated with the ESXi host.

After a bit of searching, I came across this VMware KB 81446, which outlines a solution to one of the scenarios I mentioned above where you would see these TPM alarms, which is replacing the TPM chip, but I came to find out that the workflow is also applicable if you had cleared the TPM keys and new ones were generated prior to re-installing ESXi. The KB was missing some details, which I have already shared in the feedback, and I think there is a more streamlined method, which I have shared below.

[Read more...]

Categories // ESXi Tags // ESXi, TPM

Quick Tip - TPM 2.0 connection cannot be established after upgrading to ESXi 8.0

10.18.2022 by William Lam // 12 Comments

There have been several reports from folks internally and within the community that after upgrading to ESXi 8.0, they are now seeing the following TPM error message:

TPM 2.0 device detected but a connection cannot be established.


The common theme across all the reported cases that I have seen is that they are all using an Intel NUC. While the Intel NUCs may list TPM support, they do not support either the TPM Interface Specification (TIS) for TPM 1.2 or the First In, First Out (FIFO) interface for TPM 2.0, which are the industry-standard interfaces that ESXi uses to communicate with a TPM device.

[Read more...]

Categories // ESXi, Home Lab, vSphere 8.0 Tags // ESXi 8.0, TPM, vSphere 8.0



Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.


Copyright WilliamLam.com © 2025

 
