When you enable encryption on a virtual machine (VM) or an ESXi host, VMware uses a Trusted Platform Module (TPM) to secure the encryption keys.
You are running vSphere 7.0 U2 or higher.
Use → “vTPM recovery key backup failed” event ID com.vmware.vc.tpm.key.backup.fail.
VMware PowerCLI can query each VM’s vTPM property and check the backup state via the key provider.
To resolve the alarm, you must manually retrieve the key and then reset the alarm status.
#!/bin/bash
# Calls PowerCLI via REST API
/usr/bin/pwsh /scripts/check_tpm.ps1 --output json
In the vSphere Client, select the host, go to the Monitor tab > Issues and Alarms > Triggered Alarms, right-click the alarm, and select Reset to Green.

Key Risks of Ignoring the Alarm