Automation

 View Only
Expand all | Collapse all

ESXi Host Encryption Mode

  • 1.  ESXi Host Encryption Mode

    Posted Oct 26, 2022 06:17 PM

    Can someone please help me to find a script that I can enable Host Encryption Mode for our 200+ ESXi hosts by a powershell script?
    Thanks in advance! 

    NeenaJim_0-1666808117559.png

     



  • 2.  RE: ESXi Host Encryption Mode

    Posted Oct 27, 2022 01:43 PM

     , would you please help me to perform this task?



  • 3.  RE: ESXi Host Encryption Mode



  • 4.  RE: ESXi Host Encryption Mode

    Posted Oct 27, 2022 09:46 PM

    Many thanks for sharing and very useful link



  • 5.  RE: ESXi Host Encryption Mode

    Posted Nov 01, 2022 02:47 PM

    NeenaJim_0-1667313932168.png

    I am not sure if I am doing this correct or not. I am getting this message. I have connected the ESXi host with its root account from powershell and ran that command. Any suggestion  ?

     



  • 6.  RE: ESXi Host Encryption Mode

    Posted Nov 01, 2022 05:06 PM

    Looks like you didn't install the  VMware.VMEncryption module.

    That is a open source module and doesn't come automatically when you install PowerCLI.



  • 7.  RE: ESXi Host Encryption Mode

    Posted Nov 03, 2022 04:37 PM

    I've tried to install the module: VMware.VMEncryption. But I dont think I am doing it right. What I have done is. Open that page and I could see this:

    NeenaJim_0-1667493290629.png

    Then I opened the file and copied its content and ran it from PowerShell. But nothing happened. So at this point I am stuck. I am really sorry I couldn't follow the steps. 

    NeenaJim_1-1667493348502.png

     



  • 8.  RE: ESXi Host Encryption Mode

    Posted Nov 03, 2022 05:38 PM

    You have to install both files (.psd1 and .psm1) in a folder that you name VMware.VMEncryption
    That folder has be in one of the folders mentioned in $env:PSModulePath



  • 9.  RE: ESXi Host Encryption Mode

    Posted Nov 03, 2022 06:21 PM

    I've copied both files in the location and then ran that command again and getting this:

    NeenaJim_0-1667499595459.png

    NeenaJim_1-1667499672432.png

     



  • 10.  RE: ESXi Host Encryption Mode

    Posted Nov 03, 2022 06:57 PM

    That Get-KmsCluster is part of the VMware.VimAutomation.Storage module.
    Like Kamen already said, you don't need to specify that module prefix.
    The problem is that the Get-KmsCluster cmdlet is also part of the VMware.VMEncryption module.


    Just try with Get-KmsCluster, without prefix.
    Or try with VMware.VMEncryption\Get-KmsCluster



  • 11.  RE: ESXi Host Encryption Mode
    Best Answer

    Posted Nov 04, 2022 03:01 PM

     You can follow below method to achieve your task. This has been tested on mentioned powerCLi version and working fine as well.

     

     

    <#
    Set-VMHost_Encrypt.ps1
    Prerequisties: Install PowerCLI module version:VMware.PowerCLI 12.6.0 build 19610541.
    Validate that below Cmdlet is available in this.
    Get-Command -Name Get-KeyProvider --> To validate Keyprovider Cmdlet
    Cmdlet	Get-KeyProvider	12.6.0.19609013	VMware.VimAutomation.Storage	
    
    #>
    
    
    Import-Module VMware.VMEncryption
    $vmhosts = Get-VMHost -State Connected #Get-Content "C:\HostList.txt"
    
    foreach ( $vmhost in $vmhosts){
    
    $keyprovider = Get-KeyProvider | select -First 1
    
    Get-VMHost $vmhost |Set-VMHost  -KeyProvider $keyprovider
    
    }

     

     



  • 12.  RE: ESXi Host Encryption Mode

    Broadcom Employee
    Posted Nov 02, 2022 08:53 AM

    Try it like this:

    set-vmhost ESX111 -KmsCluster (get-kmscluster kmscluster111)

     If you don't have two different modules that contain the same Get-KmsCluster command the module identifier should not be required.