If a TPM fails, or if you clear a TPM, you must recover the secure ESXi Configuration. Until you recover the configuration, the ESXi host cannot boot.
Recovering the secure
ESXi configuration refers to the following situations:
- You cleared the TPM (that is, the seeds in the TPM were reset).
- The TPM failed.
- You replaced the motherboard or the TPM device, or both.
To troubleshoot other secure ESXi configuration problems, see the VMware knowledge base article at https://kb.vmware.com/kb/81446.
Perform the recovery manually. Do not perform the recovery as part of an installation or upgrade script.
Prerequisites
Procedure
What to do next
When you enter the recovery key, it is temporarily displayed in an untrusted environment and is in memory. Though not necessary, as a best practice, you can remove residual traces of the key in memory by rebooting the host. Or, you can rotate the key. See Rotate the Secure ESXi Configuration Recovery Key.