Starting with vSphere 6.7, a vCenter Server alarm notifies you when an ESXi host's encryption mode has become disabled. You can re-enable the host encryption mode if it has become disabled.


  • Verify that you have the required privileges: Cryptographic operations.Register host
  • Before re-enabling encryption mode, troubleshoot the cause and attempt to fix the problem manually.


  1. Connect to vCenter Server by using the vSphere Client.
  2. Navigate to the ESXi host's Summary tab.
    When the encryption mode is disabled, the Host Requires Encryption Mode Enabled alarm appears.
  3. Decide if you want to either acknowledge the alarm, or reset the alarm to green but not re-enable the host encryption mode now.
    When you click either Acknowledge or Reset to green, the alarm goes way, but the host's encryption mode remains disabled until you re-enable it.
  4. Navigate to the ESXi host's Monitor tab and click Events to get more information on why encryption mode is disabled.
    Perform suggested troubleshooting before you re-enable the encryption mode.
  5. On the Summary tab, click Enable Host Encryption Mode to re-enable host encryption.
    A message appears, warning that encryption key data is transmitted to the host.
  6. Click Yes.