VMware Cloud Community
RA5
Contributor

Virtual TPM error

I'm running into an error that I can't seem to resolve. Setup:

Dell R640 running 7.0U3 with vCenter 7.0U3

In vCenter I added a native key provider and backed it up. The native key provider looks OK.

I create a new VM with a Virtual TPM and it returns this error.

A general runtime error occurred. Key provider vTPM2 is not compatible with the host Reason: The host does not support Native Key Provider

I have tried deleting the native key provider and creating a new one but that hasn't helped. Looks like a vCenter bug?

alantz
Enthusiast

That sounds like you are trying to do encryption on the host, which will use TPM; vTPM will be just for your VMs.

--Alan--

RA5
Contributor

Not exactly.  From the VM, I add TPM, and after I click complete, I receive that error message.   

alantz
Enthusiast

Hmm, that's odd. It almost sounds like licensing. I'm not sure what level the host needs to be at, I think vCenter TPM can be added with any license level. Something to check on.

--Alan--

RA5
Contributor

I have the appropriate license.  

alantz
Enthusiast

Is your host part of a cluster?

--Alan--

RA5
Contributor

It's not part of a cluster. I have 2 hosts attached to vCenter. One running 6.5 (currently turned off) and one running 7 u3.

alantz
Enthusiast

Pretty sure that is the issue then. Hosts have to be in a cluster for TPM.

--Alan--

nachogonzalez
Commander

Yeah, it needs to be in a cluster.

RA5
Contributor

Oh! Thank you, that wasn't obvious to me. This is running in my lab (single host with vCenter). It doesn't look like I can configure a cluster with vCenter running on the lone host?

alantz
Enthusiast

You should be able to have a single host in a cluster, it's just a little unusual to do so.

--Alan--

RA5
Contributor

It asked me to put the host in maintenance mode, which means shutting down the VMs. Is that a chicken/egg scenario?

alantz
Enthusiast

I've never tried that, but I would probably let it go ahead, and if you don't have VCSA set to automatically run at start then you will have to go to the host GUI and start VCSA manually after it adds to the cluster.

--Alan--

Martin26
Contributor

Hello,

I'm seeing the same thing running vSphere Essentials, VMware ESXi, 7.0.3, 18644231 on a Dell R640, BIOS Version 2.12.2.

A general runtime error occurred. Key provider [name of key] Key is not compatible with the host [host name]. Reason: "The host does not support Native Key Provider."

My understanding is vTPM should work on any licence and you don't need HA.

Thanks

alantz
Enthusiast

And your host is part of a cluster?

--Alan--

Martin26
Contributor

Hi Alan,

Thanks for your reply.

No it's not, I'm running vSphere Essentials so I don't have the option.

My understanding is you don't need a cluster if you're just using vTPM.

alantz
Enthusiast

I'm thinking you can't use the native provider without vCenter. Maybe you could use standard with KMS.

--Alan--

RA5
Contributor

I have created a cluster in vCenter and added a single host to the cluster. The vTPM can now be added to VMs on that host. Seems like an arbitrary limit and/or bug to restrict this to hosts in a cluster.

Martin26
Contributor

OK, I found the cluster menu and can now add the vTPM.

Create a Cluster (vmware.com)

Thanks,

Martin 

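The check and fix this thread arrives at, sketched in PowerCLI as an added example (not from any poster and not VMware's own code): it lists hosts that are not cluster members, shows which powered-on VMs a maintenance-mode request would interrupt, and only moves hosts when run with `-Apply`. The cluster and datacenter names are placeholders, and an existing `Connect-VIServer` session is assumed.

```powershell
# Added example (PowerCLI). Assumes a session already opened with Connect-VIServer.
# $ClusterName and $DatacenterName are placeholders chosen for this example.
param(
    [string]$ClusterName    = 'Lab-Cluster',
    [string]$DatacenterName = 'Datacenter',
    [switch]$Apply          # without -Apply nothing is created or moved
)

# 1. Inventory: which hosts sit outside any cluster?
$hosts = Get-VMHost
$hosts | Select-Object Name, Version, Build, ConnectionState, IsStandalone,
    @{ Name = 'Parent'; Expression = { $_.Parent.Name } } |
    Format-Table -AutoSize

$standalone = @($hosts | Where-Object { $_.IsStandalone })
if ($standalone.Count -eq 0) {
    Write-Host 'Every host is already a cluster member.'
    return
}

# 2. If vCenter asks for maintenance mode, as it did in the thread, these are
#    the VMs that would have to be shut down first (vCenter itself may be one).
foreach ($h in $standalone) {
    $running = @(Get-VM -Location $h | Where-Object { $_.PowerState -eq 'PoweredOn' })
    Write-Warning ("{0} is standalone; {1} powered-on VM(s): {2}" -f
        $h.Name, $running.Count, ($running.Name -join ', '))
}

# 3. Create the cluster if it does not exist, then move the standalone hosts.
$cluster = Get-Cluster -Name $ClusterName -ErrorAction SilentlyContinue
if (-not $cluster -and $Apply) {
    $cluster = New-Cluster -Name $ClusterName -Location (Get-Datacenter -Name $DatacenterName)
}
foreach ($h in $standalone) {
    if ($Apply) {
        Move-VMHost -VMHost $h -Destination $cluster -Confirm:$false
    } else {
        Write-Host "Would move $($h.Name) into cluster '$ClusterName' (re-run with -Apply)."
    }
}
```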