KD_A2
Hi there,
I'm trying to test out enabling vTPM in Hyper-V, enabling BitLocker within the VM and then exporting the VM to another host (same hardware).
I'm unsure if this is possible with 2016 Standard or if Datacenter would be required?
My sticking point is the validation of the exported owner certs I've pulled from the original server. Following a related article I found in the Microsoft Tech Community titled "Migrating local VM owner certificates for VMs with vTPM", I've imported them into the secondary server but the VM fails to start and I get "The key protector for the virtual machine could not be unwrapped. Health certificate is not valid." When I look at the Host Guardian Service logs, it says it could be attestation, networking issue, etc. As I'm not using a Shielded VM (but the certificate states Shielded VM) I was under the impression I didn't need to use the HGS service if it was validating against the cert on the local machine?
Can anyone help clarify if I should be able to export and import VMs across machines using the owner certificates to authorize the running of the VM in local mode?
Also on Server 2016 Standard.
Thanks!