A vCenter Server alarm notifies you when an encrypted virtual machine is in a locked state. You can unlock a locked encrypted virtual machine by using the vSphere Client (HTML5-based client) after taking the necessary steps to make the required keys available on the KMS.


  • Verify that you have the required privileges: Cryptographic operations.RegisterVM
  • Other privileges might be required for optional tasks such as enabling host encryption.
  • Before unlocking a locked virtual machine, troubleshoot the cause of the lock and attempt to fix the problem manually. See Resolve Missing Key Issues.


  1. Connect to vCenter Server by using the vSphere Client.
  2. Navigate to the virtual machine's Summary tab.
    When a virtual machine is locked, the Virtual Machine Locked alarm appears.
  3. Decide if you want to either acknowledge the alarm, or reset the alarm to green but not unlock the virtual machine now.
    When you click either Acknowledge or Reset to green, the alarm goes away, but the virtual machine remains locked until you unlock it.
  4. Navigate to the Monitor tab of the virtual machine and click Events.
    The Events pane displays information about why the virtual machine is locked.
  5. Perform suggested troubleshooting before you unlock the virtual machine.
  6. Navigate to the Summary tab of the virtual machine.
    A Virtual Machine Locked Alarm appears.
  7. Select Unlock VM from the Actions drop-down menu on the right side.