Host TPM Attestation Alarm – TPM 2.0 Connection Not Established

TPM 2.0 Device Detected but a Connection Cannot Be Established

I have VMware ESXI 8 installed on my Dell PowerEdge T150, and in ESXI it says "TPM 2.0 device detected but a connection cannot be established"…How do I fix this? Do I need to do anything in the BIOS?...https://www.dell.com/community/en/conversations/poweredge-hardware-general/dell-poweredge-t150-esxi-8-maybe-has-a-problem-with-tpm/647fa3b8f4ccf8a8de9a9b5b

Some people report that they have received the “TPM 2.0 device detected but a connection cannot be established” error message after upgrading to or installing a service that uses vSphere 6.7 or later versions.

Why do they encounter the Host TPM attestation alarm? The reason is that ESXi hosts can use Trusted Platform Modules (TPM) chips to enhance host security and vSphere 6.7 and later support TPM version 2.0.

TPM 1.2 vs 2.0 |How to Upgrade TPM from 1.2 to 2.0 Step by Step

This post explains TPM 1.2 vs 2.0 from the algorithm, supported OS, and supported Windows features. It also shows you how to upgrade the TPM version to 2.0.

Read More

Further Reading:

vSphere is a set of software for data center products developed by VMware Inc. It includes ESXi, vSphere client, and vCeneter.

ESXi is the most important component of vSphere. It is a hypervisor used to run virtual machines. The vSphere client or vCenter is used to install, manage, and access these virtual machines.

Some services like VxRail may integrate vSphere components. Then, they may also encounter the “TPM 2.0 device detected but a connection cannot be established” error.

There Is No TPM Available. Please Check BIOS Settings (Full Guide)

Have a look at this post now if you want to solve the “There is no TPM available. Please check your BIOS settings” error.

Read More

How to Get Rid of the Error

If you get the “TPM 2.0 device detected but a connection cannot be established” error, you can do the following things to get rid of the Host TPM attestation alarm:

• Install a TPM 2.0 chip and enable it in UEFI.
• Enable UEFI Secure Boot in BIOS. 
• Ensure that the TPM is configured in the ESXi host’s BIOS to use the SHA-256 hashing algorithm and the TIS/FIFO (First-In, First-Out) interface and not CRB (Command Response Buffer).

As for how to perform the above operations, you can refer to the following steps:

Step 1: Place the host into Maintenance Mode in vCenter using Ensure Accessibility. Reboot the host and press F2 to enter the System Setup menu.

Step 2: Under System Setup Main Menu, select System BIOS. Under System BIOS Settings, select System Security. Make sure TPM Security is On and then select TPM Advanced Settings. On this page, you should make sure TPM2 Algorithm Selection is SHA256.

Step 3: Go back to System Security and scroll down to find Secure Boot. Make sure it is Enabled. Then, turn on Intel TxT.

Step 4: Go back to the System BIOS screen. Click Finish and then Yes to save the changes. On the System Setup page, click Finish. Then, on the following prompt, click Yes to exit and reboot the system.

Step 5: Once you are on the vCenter, go to the host, and remove the error message by clicking the Reset to Green option. Then, exit Maintenance Mode.

MiniTool Partition Wizard DemoClick to Download100%Clean & Safe

How to Enable TPM 2.0 in BIOS [Dell, ASUS, Lenovo, HP, etc.]

This post shows you how to check the TPM status and how to enable TPM 2.0 for most PCs like Dell ASUS, HP, Lenovo, etc.

Read More

Bottom Line

Have you received the “TPM 2.0 device detected but a connection cannot be established” error when using vSphere products? This post offers the solution and you can have a try.