If your environment uses vSphere Virtual Machine Encryption, and if an error occurs on the ESXi host, the resulting core dump is encrypted to protect customer data. Core dumps that are included in the vm-support package are also encrypted.
Core Dumps on ESXi Hosts
When an ESXi host, a user world, or a virtual machine crashes, a core dump is generated, and the host reboots. If the ESXi host has encryption mode enabled, the core dump is encrypted using a key that is in the ESXi key cache. This key comes from the KMS. See How vSphere Virtual Machine Encryption Protects Your Environment for background information.
The following table shows encryption keys used for each core dump type.
|Core Dump Type||Encryption Key (ESXi 6.5)|
|ESXi Kernel||Host Key|
|User World (hostd)||Host Key|
|Encrypted Virtual Machine (VM)||Host Key|
- In most cases, vCenter Server retrieves the key for the host from the KMS and attempts to push the key to the ESXi host after reboot. If the operation is successful, you can generate the vm-support package and you can decrypt or re-encrypt the core dump. See Decrypt or Re-Encrypt an Encrypted Core Dump.
- If vCenter Server cannot connect to the ESXi host, you might be able to retrieve the key from the KMS. See Resolve Missing Key Issues.
- If the host used a custom key, and that key differs from the key that vCenter Server pushes to the host, you cannot manipulate the core dump. Avoid using custom keys.
Core Dumps and vm-support Packages
Core Dumps on vCenter Server Systems
A core dump on a vCenter Server system is not encrypted. vCenter Server already contains potentially sensitive information. At the minimum, ensure that the Windows system on which vCenter Server runs or the vCenter Server Appliance is protected. See Securing vCenter Server Systems. You might also consider turning off core dumps for the vCenter Server system. Other information in log files can help determine the problem.