Solved: Re: ESXi Host Encryption Mode

NeenaJim · ‎10-26-2022

Can someone please help me to find a script that I can enable Host Encryption Mode for our 200+ ESXi hosts by a powershell script?
Thanks in advance!

swamynaveen · ‎11-04-2022

@NeenaJim You can follow below method to achieve your task. This has been tested on mentioned powerCLi version and working fine as well.

<#
Set-VMHost_Encrypt.ps1
Prerequisties: Install PowerCLI module version:VMware.PowerCLI 12.6.0 build 19610541.
Validate that below Cmdlet is available in this.
Get-Command -Name Get-KeyProvider --> To validate Keyprovider Cmdlet
Cmdlet	Get-KeyProvider	12.6.0.19609013	VMware.VimAutomation.Storage	

#>


Import-Module VMware.VMEncryption
$vmhosts = Get-VMHost -State Connected #Get-Content "C:\HostList.txt"

foreach ( $vmhost in $vmhosts){

$keyprovider = Get-KeyProvider | select -First 1

Get-VMHost $vmhost |Set-VMHost  -KeyProvider $keyprovider

}

View solution in original post

NeenaJim · ‎10-27-2022

@LucD , would you please help me to perform this task?

LucD · ‎10-27-2022

See Solved: Re: Powercli command to enable host encryption - VMware Technology Network VMTN

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

Dave34 · ‎10-27-2022

Many thanks for sharing and very useful link

NeenaJim · ‎11-01-2022

I am not sure if I am doing this correct or not. I am getting this message. I have connected the ESXi host with its root account from powershell and ran that command. Any suggestion @LucD ?

LucD · ‎11-01-2022

Looks like you didn't install the VMware.VMEncryption module.

That is a open source module and doesn't come automatically when you install PowerCLI.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

knikolov · ‎11-02-2022

Try it like this:

set-vmhost ESX111 -KmsCluster (get-kmscluster kmscluster111)

If you don't have two different modules that contain the same Get-KmsCluster command the module identifier should not be required.

NeenaJim · ‎11-03-2022

I've tried to install the module: VMware.VMEncryption. But I dont think I am doing it right. What I have done is. Open that page and I could see this:

Then I opened the file and copied its content and ran it from PowerShell. But nothing happened. So at this point I am stuck. I am really sorry I couldn't follow the steps.

LucD · ‎11-03-2022

You have to install both files (.psd1 and .psm1) in a folder that you name VMware.VMEncryption
That folder has be in one of the folders mentioned in $env:PSModulePath

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

NeenaJim · ‎11-03-2022

I've copied both files in the location and then ran that command again and getting this:

LucD · ‎11-03-2022

That Get-KmsCluster is part of the VMware.VimAutomation.Storage module.
Like Kamen already said, you don't need to specify that module prefix.
The problem is that the Get-KmsCluster cmdlet is also part of the VMware.VMEncryption module.

Just try with Get-KmsCluster, without prefix.
Or try with VMware.VMEncryption\Get-KmsCluster

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

swamynaveen · ‎11-04-2022

@NeenaJim You can follow below method to achieve your task. This has been tested on mentioned powerCLi version and working fine as well.

<#
Set-VMHost_Encrypt.ps1
Prerequisties: Install PowerCLI module version:VMware.PowerCLI 12.6.0 build 19610541.
Validate that below Cmdlet is available in this.
Get-Command -Name Get-KeyProvider --> To validate Keyprovider Cmdlet
Cmdlet	Get-KeyProvider	12.6.0.19609013	VMware.VimAutomation.Storage	

#>


Import-Module VMware.VMEncryption
$vmhosts = Get-VMHost -State Connected #Get-Content "C:\HostList.txt"

foreach ( $vmhost in $vmhosts){

$keyprovider = Get-KeyProvider | select -First 1

Get-VMHost $vmhost |Set-VMHost  -KeyProvider $keyprovider

}

All

ESXi Host Encryption Mode