{"id":1647,"date":"2024-11-27T00:37:36","date_gmt":"2024-11-27T06:37:36","guid":{"rendered":"https:\/\/zewwy.ca\/?p=1647"},"modified":"2024-11-27T00:37:36","modified_gmt":"2024-11-27T06:37:36","slug":"veeam-vm-restore-failed-cannot-apply-encryption-policy-you-must-set-the-default-key-provider","status":"publish","type":"post","link":"https:\/\/zewwy.ca\/index.php\/2024\/11\/27\/veeam-vm-restore-failed-cannot-apply-encryption-policy-you-must-set-the-default-key-provider\/","title":{"rendered":"Veeam VM Restore failed: Cannot apply encryption policy. You must set the default key provider."},"content":{"rendered":"<p>So in my Lab vCenter went completely POOOOOF. So, I installed it fresh.<\/p>\n<p>After vCenter was installed, <a href=\"http:\/\/zewwy.ca\/index.php\/2023\/05\/21\/manually-fix-veeam-backup-job-after-vm-id-change\/\">I updated my Veeam configuration to ensure my backup chains wouldn&#8217;t break<\/a> which still works great by the way.<\/p>\n<p>One VM was missing from my vSphere. So I went to restore it when all of a sudden:<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/wqHxHD5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/wqHxHD5.png\" alt=\"\" width=\"590\" height=\"451\" \/><\/a><\/p>\n<p>I remembered my post about <a href=\"http:\/\/zewwy.ca\/index.php\/2022\/11\/09\/tpm-security-on-a-esxi-vm\/\">configuring a Native Key Provider because it was required as such to have a vTPM<\/a>. 
So I thought, is this a &#8220;PC Load Letter&#8221; problem, and it&#8217;s actually just complaining that I didn&#8217;t configure an NKP for it to &#8220;apply encryption policy&#8221;?<\/p>\n<p>Follow the same old steps to configure an NKP.<\/p>\n<ul>\n<li><strong>Log in to the vSphere Client<\/strong>:\n<ul>\n<li>Open the vSphere Client and log in with your credentials.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Navigate to Key Providers<\/strong>:\n<ul>\n<li>Select the vCenter Server instance.<\/li>\n<li>Click on the <strong>Configure<\/strong> tab.<\/li>\n<li>Under <strong>Security<\/strong>, click on <strong>Key Providers<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Add a Native Key Provider<\/strong>:\n<ul>\n<li>Click on <strong>Add<\/strong>.<\/li>\n<li>Select <strong>Add Native Key Provider<\/strong>.<\/li>\n<li>Enter a name for the Native Key Provider.<\/li>\n<li>If you want to use hosts with TPM 2.0, select the option <strong>Use key provider only with TPM protected ESXi hosts<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Complete the Setup<\/strong>:\n<ul>\n<li>Click <strong>Add Key Provider<\/strong>.<\/li>\n<li>Wait for the process to complete. It might take a few minutes for the key provider to be available on all hosts.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Back Up the Native Key Provider<\/strong>:\n<ul>\n<li>After adding the Native Key Provider, you must back it up.<\/li>\n<li>Click on the Native Key Provider you just created.<\/li>\n<li>Click <strong>Backup<\/strong>.<\/li>\n<li>Save the backup file and password in a secure location.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Once I did all that&#8230;<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/31LQTE8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i.imgur.com\/31LQTE8.png\" alt=\"\" width=\"578\" height=\"443\" \/><\/a><\/p>\n<p>No way that actually worked. But will it boot? 
Well, it def &#8220;booted&#8221; but it asked for the BitLocker key (which makes sense since we created a new TPM and it doesn&#8217;t have the old keys). I checked my AD and sadly enough for some reason it didn&#8217;t have any BitLocker keys saved for this AD object\/VM.<\/p>\n<p>Guess this one is a loss, and a lesson in the importance of saving your encryption keys.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So in my Lab vCenter went completely POOOOOF. So, I installed it fresh. After vCenter was installed, I updated my Veeam configuration to ensure my backup chains wouldn&#8217;t break which still works great by the way. One VM was missing from my vSphere. So I went to restore it when all of a sudden: I &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/zewwy.ca\/index.php\/2024\/11\/27\/veeam-vm-restore-failed-cannot-apply-encryption-policy-you-must-set-the-default-key-provider\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Veeam VM Restore failed: Cannot apply encryption policy. 
You must set the default key provider.&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":"","footnotes":""},"categories":[8,236],"tags":[447],"class_list":["post-1647","post","type-post","status-publish","format-standard","hentry","category-server-administration","category-veeam","tag-encryption"],"_links":{"self":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/comments?post=1647"}],"version-history":[{"count":1,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1647\/revisions"}],"predecessor-version":[{"id":1648,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/posts\/1647\/revisions\/1648"}],"wp:attachment":[{"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/media?parent=1647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/categories?post=1647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zewwy.ca\/index.php\/wp-json\/wp\/v2\/tags?post=1647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}