VxRail: Encryption Recovery Key Error while communicating with daemon on VxRail 4.7.x, 7.0.x, and 8.0.x

Summary: When running the command "esxcli system settings encryption recovery list", the following error message is seen: "Error while communicating with daemon."


Symptoms

When running the command below, you get the following error:
[root@esxserver:~] esxcli system settings encryption recovery list
Error while communicating with daemon.  
 

Cause

This occurs when the encryption mode is set to "None." It occurs despite the Trusted Platform Module (TPM) being in place when the ESXi node was installed.

Run the command below to check:
[root@server:~] esxcli system settings encryption get
   Mode: NONE
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: false
This error can also occur if the TPM is disabled in the BIOS.

Resolution

To resolve this issue: 

Change the mode to TPM by running:

 esxcli system settings encryption set --mode=TPM

This initializes the daemon.
To collect the recovery key:

[root@server:~] esxcli system settings encryption get


NOTE: If you receive the following error:
 

[root@server:~] esxcli system settings encryption set --mode=TPM
Unable to change the encryption mode and policy. Verify that the current host configuration can satisfy the new requirement.

Follow the steps below: 

  1. Go to Cluster level Monitor > Security
  2. If you see TXT is disabled, you have to enable it.
    Screenshot showing tpm attestation failure.

  3. To do so, put the affected node in Maintenance Mode (MM) in vCenter using 'Ensure Accessibility'.

  4. Using the iDRAC, reboot the node and enter the BIOS by pressing F2 for System Setup >  System BIOS.

  5. Go to System Security.
    Screenshot showing system BIOS settings.

  6. TPM Security should be ON, and you might see the TXT option disabled. To enable it, click TPM Advanced Settings.
    Screenshot showing tpm security settings.

  7. Change the 'TPM2 Algorithm Selection' to 'SHA256'.
     Screenshot showing BIOS tpm advanced settings. 

  8. Verify that Secure Boot is set to enabled.

  9.  Apply the changes. The node reboots.

  10. Once the node is fully up, right click the node and Disconnect it from vCenter.

  11. Reconnect it again.

  12. Take the node out of MM.

  13. SSH to the node and change the encryption mode to TPM again:

    esxcli system settings encryption set --mode=TPM
  14. The command below should now run, and you can collect the recovery key.

    esxcli system settings encryption recovery list
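
The symptom-to-cause checks above can be scripted as a read-only triage. This is an added example, not part of the Dell article or any Dell or VMware tooling; the function names and verdict strings are this example's own, and it assumes the esxcli output formats shown in this article.

```shell
#!/bin/sh
# Added example (not from the Dell article): read-only triage for the
# "Error while communicating with daemon" symptom. It changes no settings.

# Print one field's value from `esxcli system settings encryption get`
# output supplied on stdin, e.g. enc_field "Mode" -> NONE.
enc_field() {
    while IFS= read -r line; do
        case "$line" in
            *"$1: "*) val=${line#*: }; printf '%s\n' "${val%% *}"; return 0 ;;
        esac
    done
    return 1
}

# triage <recovery-list output> <encryption-get output>
# Verdicts (names are this example's own): OK, MODE_NONE, CHECK_BIOS_TPM, UNKNOWN.
triage() {
    mode=$(printf '%s\n' "$2" | enc_field "Mode") || mode=""
    case "$1" in
        *"Error while communicating with daemon"*)
            if [ "$mode" = "NONE" ]; then
                echo MODE_NONE       # article's fix: set --mode=TPM
            else
                echo CHECK_BIOS_TPM  # article: TPM may be disabled in the BIOS
            fi ;;
        "") echo UNKNOWN ;;
        *)  if [ "$mode" = "TPM" ]; then echo OK; else echo UNKNOWN; fi ;;
    esac
}

# Sample input: the two outputs shown in this article.
SAMPLE_ERR='Error while communicating with daemon.'
SAMPLE_GET='   Mode: NONE
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: false'

if command -v esxcli >/dev/null 2>&1; then
    # On an ESXi host: the recovery key is captured but never printed.
    rec=$(esxcli system settings encryption recovery list 2>&1)
    cur=$(esxcli system settings encryption get 2>&1)
    triage "$rec" "$cur"
else
    triage "$SAMPLE_ERR" "$SAMPLE_GET"   # prints MODE_NONE
fi
```

A MODE_NONE verdict corresponds to the first fix in the Resolution section, and CHECK_BIOS_TPM to the BIOS procedure in the numbered steps.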



Additional Information

Products

VxRail Appliance Family, VxRail Software
Article Properties
Article Number: 000217354
Article Type: Solution
Last Modified: 05 Sept 2025
Version:  3