Your ESXi server may fail during boot and display the following errors.
- Unable to recover the system configuration.
- Failed to decrypt system configuration.
- Unable to restore system configuration. A security violation was detected.
Note that quick boot currently does not support TPM.
This article will walk you through troubleshooting your ESXi host’s failure to boot after upgrading to vSphere 7.0 U2 or later. This article aims to assist you in removing the most common causes of this problem by ensuring that the minimum system requirements are satisfied and that the hardware is working properly.
Error Message 1
Check Firmware Security Settings
- Re-enable TPM 2.0 if it has been disabled.
- Re-enable UEFI secure boot if it has been disabled.
- Change the value of the execInstalledOnly boot option back to FALSE if it is set to FALSE (i.e. TRUE).
- Add “execInstalledOnly=TRUE” to the boot command-line (hit shift+o when mboot starts and a 5-second countdown appears, just after the bios).
If the firmware settings haven’t been changed, either the TPM 2.0 chip isn’t working or the ESXi version being booted isn’t authentic.
Error message 2
This indicates that a valid ESXi version has booted, but the configuration data has been tampered with or is corrupted, making recovery impossible.
Error Message 3
This indicates that we are unable to recover using the recovery key provided. Make certain that the input recovery key is right.