
Occasionally, I have to help our customers with installing/configuring and maintaining their DellEMC VxRail environments. I was recently assisting one of our customers with an upgrade from VxRail code 4.5.x to 4.7.x. After the upgrade was complete (12 hours later), we noticed that each host had an alert stating: “TPM 2.0 device detected but a connection could not be established” – Well, that’s a bummer!
After a long support call with DellEMC, one of their escalation engineers had seen this before and was able to resolve the issue. Short story, the BIOS needed to be configured to use SHA256 in order to support TPM.
Few tips that the engineer kept stressing:
- Ensure the vSAN cluster is healthy
- Ensure there is not an active re-sync operation in progress
- Ensure there are enough resources available for vMotions
- Ensure there was enough free space available for Fault Tolerance.
You can change the BIOS setting by completing the following steps:
- Put the host in Maintenance Mode in vCenter and using the “Ensure Accessibility” setting.
- Log into the BMC by hitting F2 for System Setup then System Security
- Ensure “TPM Security” is set to ON and “Intel(R) TXT” is ON
- If you can not turn this setting on, then you will need to enable secure boot in the bios first.
- Go into “TPM Advanced Settings” and Ensure “TPM PPI” settings are disabled, and “TPM2 Algorithm Selection” should be SHA56
- Save settings and let the host reboot with the new settings
- Clear alerts in vCenter for that hosts and wait 10-15 minutes
- Ensure is vSAN Health is healthy
- No Resync operations in progress
- Ensure there was enough free space available for Fault Tolerance.
- Proceed to the next host
Needless to say, this isn’t a quick process. Hope this helps anyone else seeing this and saves you a call to support.