VMware vSphere

  • 1.  Host TPM attestation alarm | Fresh Installed vCenter 8

    Posted Oct 26, 2023 03:37 PM

    Hi all,

    I have a freshly installed vCenter installation that shows a triggered alarm, "Host TPM attestation alarm", but no details.

    Can anybody tell me where I can find details on what the problem is?

    Thanks



  • 2.  RE: Host TPM attestation alarm | Fresh Installed vCenter 8

    Posted Oct 27, 2023 12:00 PM

    You need to figure out how to enable the TPM 2.0 module in your system BIOS. What type of hardware are you using? We have to do this with our Dell equipment when we first deploy it.



  • 3.  RE: Host TPM attestation alarm | Fresh Installed vCenter 8

    Posted Oct 28, 2023 07:11 AM

    Hi there,

    It's a Dell PowerEdge; the TPM is enabled.




  • 4.  RE: Host TPM attestation alarm | Fresh Installed vCenter 8

    Posted Oct 31, 2023 02:52 PM

    But is it enabled the way VMware wants it done? The default settings were not good enough for me. 

    Look at this post 

    https://www.reddit.com/r/vmware/comments/q5hk72/dell_r640_vmware_vcenter_70u3_esxi_702u2a05_dell/



  • 5.  RE: Host TPM attestation alarm | Fresh Installed vCenter 8

    Posted Nov 02, 2023 06:47 PM

    Thanks for your reply, but I can't see any usable hint to get me forward.

    Is there no message in a VMware log showing where the problem is?



  • 6.  RE: Host TPM attestation alarm | Fresh Installed vCenter 8

    Posted Oct 31, 2023 05:18 PM

    Hi,

    From the vCenter inventory, try the procedure below:

    1. Enter maintenance mode

    2. Disconnect host

    3. Connect host

    5. Exit maintenance mode

    6. Go to cluster > Monitor > Security to see that attestation now has status "passed"

    7. [Optionally] check in BIOS > Security menu that TXT also has status "on"



  • 7.  RE: Host TPM attestation alarm | Fresh Installed vCenter 8

    Posted Nov 02, 2023 06:41 PM

    Where do I find the TXT feature? It doesn't show up.

    CPU AES-NI Enabled
    System Password Empty
    Confirm System Password Empty
    Setup Password Empty
    Confirm Setup Password Empty
    Password Status Unlocked
    SHA256 hash of the System password Empty
    Salt string appended to the System password prior to hash Empty
    SHA256 hash of the Setup password Empty
    Salt string appended to the Setup password prior to hash Empty
    TPM Security On
    TPM Information Type: 2.0 NTC
    TPM Firmware 7.2.2.0
    TPM Hierarchy Enabled
    TPM Advanced Settings
    AMD DRTM Off
    Power Button Enabled
    AC Power Recovery Last
    AC Power Recovery Delay Immediate
    User Defined Delay (120s to 600s) 120
    UEFI Variable Access Standard
    SMM Security Mitigation Disabled
    Secure Boot Disabled
    Secure Boot Policy Standard
    Secure Boot Mode Deployed Mode
    Authorize Device Firmware Disabled
    UEFI CA Certificate Scope Device Firmware and OS

     



  • 8.  RE: Host TPM attestation alarm | Fresh Installed vCenter 8

    Posted Nov 07, 2023 11:16 AM

    It is solved. You have to click on Datacenter -> Security; at that point you have the exact problem vCenter is expecting.

    In that case, Secure Boot - Disabled was the problem.
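
The checks this thread converged on, as an added example that is not part of any post above: a Python sketch that reads a BIOS settings listing in the layout pasted in reply 7 and reports values that differ from what the thread found necessary. The setting-name list and the expected values are assumptions drawn only from this thread, and the sample listing is an excerpt of that reply.

```python
import re

# Values the thread points to: TPM switched on (reply 2), a 2.0 device (reply 7),
# and Secure Boot enabled, since "Disabled" was the cause found in reply 8.
EXPECTED = {
    "TPM Security": r"On",
    "TPM Information": r".*\b2\.0\b.*",
    "Secure Boot": r"Enabled",
}
# Longer names sharing a prefix with a checked setting; listed so that
# "Secure Boot Policy Standard" is not read as Secure Boot = "Policy Standard".
OTHER_NAMES = ["Secure Boot Policy", "Secure Boot Mode", "TPM Firmware",
               "TPM Hierarchy", "TPM Advanced Settings"]

def parse_settings(dump):
    """Split delimiter-less 'Name Value' lines using known names, longest first."""
    names = sorted(list(EXPECTED) + OTHER_NAMES, key=len, reverse=True)
    found = {}
    for line in dump.splitlines():
        line = line.strip()
        for name in names:
            if line == name or line.startswith(name + " "):
                found[name] = line[len(name):].strip()
                break
    return found

def attestation_findings(dump):
    """Return (setting, actual, problem) for every expected value not met."""
    found = parse_settings(dump)
    findings = []
    for name, pattern in EXPECTED.items():
        actual = found.get(name)
        if actual is None:
            findings.append((name, None, "setting not present in dump"))
        elif not re.fullmatch(pattern, actual):
            findings.append((name, actual, "unexpected value"))
    return findings

# Excerpt of the listing posted in reply 7.
SAMPLE = """\
TPM Security On
TPM Information Type: 2.0 NTC
TPM Firmware 7.2.2.0
TPM Hierarchy Enabled
TPM Advanced Settings
Secure Boot Disabled
Secure Boot Policy Standard
Secure Boot Mode Deployed Mode
"""

if __name__ == "__main__":
    for name, actual, problem in attestation_findings(SAMPLE):
        print(f"{name}: {actual!r} ({problem})")
```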