When you install a Trusted Platform Module (TPM) device on an ESXi host, the host might fail to pass attestation. You can troubleshoot the potential causes of this problem.


  1. View the ESXi host alarm status and accompanying error message. See View ESXi Host Attestation Status.
  2. If the error message is Host secure boot was disabled, you must re-enable secure boot to resolve the problem.
  3. If the attestation status of the host is failed, check the vCenter Server vpxd.log file for the following message:
    No cached identity key, loading from DB
    This message indicates that you are adding a TPM 2.0 chip to an ESXi host that vCenter Server already manages. You must first disconnect the host, then reconnect it. See vCenter Server and Host Management documentation for information about disconnecting and reconnecting hosts.
    For more information about vCenter Server log files, including location and log rotation, see the VMware knowledge base article at https://kb.vmware.com/s/article/1021804.
  4. For all other error messages, contact Customer Support.