VMware ESXi: How to Gather Recovery Key from TPM Security Enabled Hosts

Summary: This article provides instructions on how the customer can gather their recovery key from their Trusted Platform Module (TPM) enabled host. The customer should keep the recovery key from each of their hosts in a safe place. Hardware replacement activities, such as system board replacements, require the recovery key for a smooth process. ...


Instructions

1) SSH into the ESXi host

2) Verify that a TPM is installed and that "TPM Security" is enabled in the BIOS:
 
[root@host1:~] esxcli hardware trustedboot get
   Drtm Enabled: true
   Tpm Present: true

3) Display the recovery key:
 
[root@host1:~] esxcli system settings encryption recovery list
Recovery ID                             Key
--------------------------------------  ---
{95D596B6-F9B9-4EAE-9957-5F34340B0332}  576950-585883-508642-213447-669596-497854-451424-683261-618428-522564-132967-573419-333169-023300-403351-572521
The recovery key is the second value displayed (the Key column): sixteen groups of six digits. It is NOT the alphanumeric characters between the {} (the Recovery ID).
 
4) Have the customer copy the recovery key and advise them to keep it in a safe place along with the host's hostname:
 
[root@host1:~] hostname
host1.local
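
One way to script the steps above so the key is captured and format-checked rather than copied by hand. This is an added example, not Dell or VMware code; the function names `extract_recovery_key` and `escrow_record` are hypothetical, and the sample listing is the article's own example output.

```shell
#!/bin/sh
# Added example (not Dell or VMware code). Function names are hypothetical.

# Reads the table printed by `esxcli system settings encryption recovery list`
# on stdin and prints "<recovery-id> <key>" for every data row. Fails if no
# row is found or if any Key column is not sixteen hyphen-separated groups of
# six digits, so a truncated copy or a Recovery ID pasted as the key is caught.
extract_recovery_key() {
    awk '
        $1 ~ /^[{][0-9A-Fa-f-]+[}]$/ {          # data rows start with {GUID}
            n = split($2, g, "-")
            ok = (n == 16 && NF == 2)
            for (i = 1; i <= n && ok; i++)
                if (g[i] !~ /^[0-9][0-9][0-9][0-9][0-9][0-9]$/) ok = 0
            if (ok) { print $1, $2; found++ } else { bad++ }
        }
        END { exit ((found > 0 && bad == 0) ? 0 : 1) }
    '
}

# Builds one escrow line per key, pairing it with the hostname as the article
# advises. $1 = hostname; the listing is read from stdin.
escrow_record() {
    rows=$(extract_recovery_key) || {
        echo "no valid recovery key in listing for $1" >&2
        return 1
    }
    printf '%s\n' "$rows" | while read -r id key; do
        printf 'host=%s recovery_id=%s recovery_key=%s\n' "$1" "$id" "$key"
    done
}

# Sample listing copied from the article's example output.
SAMPLE_LISTING='Recovery ID                             Key
--------------------------------------  ---
{95D596B6-F9B9-4EAE-9957-5F34340B0332}  576950-585883-508642-213447-669596-497854-451424-683261-618428-522564-132967-573419-333169-023300-403351-572521'

# On a host, the equivalent call would be:
#   esxcli system settings encryption recovery list | escrow_record "$(hostname)"
printf '%s\n' "$SAMPLE_LISTING" | escrow_record host1.local
```

A non-zero exit status means the listing contained no well-formed key, which is the point at which to re-run the command instead of filing an unusable value.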

After a system board or TPM replacement, you must recover the ESXi security configuration; see the article "ESXi - How to Recover the Secure ESXi Configuration".

Affected Products

PowerFlex rack, C Series, HS Series, Modular Infrastructure, Rack Servers, Tower Servers, XR Servers, Dell EMC vSAN Ready Nodes, OEM Server Solutions, VMware ESXi 5.x, VMware ESXi 6.5.X, VMware ESXi 6.7.X, VMware ESXi 6.x, VMware ESXi 7.x, VMware ESXi 8.x ...
Article Properties
Article Number: 000220136
Article Type: How To
Last Modified: 10 Dec 2024
Version:  7