If a TPM fails, or if you clear a TPM, you must recover the secure ESXi Configuration. Until you recover the configuration, the ESXi host cannot boot.
- You cleared the TPM (that is, the seeds in the TPM were reset).
- The TPM failed.
To troubleshoot other secure ESXi configuration problems, see the VMware knowledge base article at https://kb.vmware.com/kb/81446.
Perform the recovery manually. Do not perform the recovery as part of an installation or upgrade script.
- (Optional) If the TPM failed, move the disk (having the boot bank) to another host with a TPM.
- Start the ESXi host.
- When the ESXi installer window appears, press Shift+O to edit boot options.
- At the command prompt, enter the boot option to recover the configuration.
The secure ESXi configuration is recovered and the ESXi host boots.
What to do next
When you enter the recovery key, it is temporarily displayed in an untrusted environment and is in memory. You can remove residual traces of the key in memory by rebooting the host. Or, you can rotate the key. See Rotate the Secure ESXi Configuration Recovery Key.