Juli 2024

If you get this Message on a HPE ProLiant Server

here is a way to solve it.

First, set the Host in Maintenance Mode.
Than open a CLI connection to the ESXi and Enter:

esxcli system settings encryption get
Mode: TPM Require Executables Only From Installed VIBs: false
Require Secure Boot: false

Set Secure Boot to true with:
esxcli system settings encryption set –require-secure-boot=T

Verify the change.
esxcli system settings encryption get
Mode: TPM Require Executables Only From Installed VIBs: false
Require Secure Boot: true

To save the setting, run the following command:
/bin/backup.sh 0

Now Reboot the Server and Enter the UEFI BIOS by pressing F9.
Change TPM Settings in
System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Trusted Platform Module Options
as here:

Annotation:
VMware ESXi 7.0 cannot handle SHA386.
SHA386 only works with VMware ESXi 8.0.

F12: Save and Exit for Reboot

Maybe vCenter is now showing this

in that case, go back to CLI and enter
esxcli system settings encryption recovery list

Save the output in a secure, remote location as a backup, in case you must recover the secure configuration.
Now, Right-click on the alarm and select Reset to Green.

Done

Reference:
Enable or Disable the Secure Boot Enforcement for a Secure ESXi Configuration (vmware.com)

Monat: Juli 2024

Solve vCenter Host TPM attestation alarm with HPE ProLiant

Recent Posts

Recent Comments

Archives

Categories