I'm looking for advice on managing the migration of Windows 11 virtual machines that utilize Trusted Platform Module (TPM) technology between hosts in a Hyper-V cluster. I've come across some issues where TPM seems incompatible with the migration process. Is there a better solution than just disabling TPM after the VM has been created?
3 Answers
If you’re looking for a Microsoft-supported method, the TPM attestation approach is the way to go, but it does have its caveats. Just keep in mind that relying on HGS is essential since the attestation process hinges on that setup.
You might not find much concrete info directly from Microsoft, but I did see a post on their Tech Community about migrating VM owner certificates for VMs with vTPM. Essentially, you'll need to export the untrusted guardian certificates from each host and import them into the other nodes in the cluster. You can also find scripts online that can automate this process, like the one on GitHub, which might simplify things for you.
The official method is using TPM attestation, but remember, it's just a matter of exporting and importing certificates. You'll need to set up a Host Guardian Service (HGS) deployment for it to work properly.
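The export/import of untrusted guardian certificates mentioned in the answers above could look like the following. This is an added example, not the GitHub script or Microsoft's code. It assumes the certificates sit in the LocalMachine "Shielded VM Local Certificates" store with exportable private keys; the function names and the `C:\GuardianExport` path are hypothetical placeholders.

```powershell
# Added example. Assumed: store name below; the path and function names are placeholders.
$Store     = 'Cert:\LocalMachine\Shielded VM Local Certificates'
$ExportDir = 'C:\GuardianExport'   # placeholder; use an access-controlled location

function Export-GuardianCerts {
    param([Parameter(Mandatory)][securestring]$Password)
    New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
    # Only certificates with a private key are useful on the destination host.
    $certs = Get-ChildItem -Path $Store | Where-Object { $_.HasPrivateKey }
    if (-not $certs) { throw "No certificates with private keys found in $Store" }
    foreach ($cert in $certs) {
        $file = Join-Path $ExportDir ("{0}-{1}.pfx" -f $env:COMPUTERNAME, $cert.Thumbprint)
        Export-PfxCertificate -Cert $cert -FilePath $file -Password $Password | Out-Null
        Write-Output "Exported '$($cert.Subject)' to $file"
    }
}

function Import-GuardianCerts {
    param([Parameter(Mandatory)][securestring]$Password)
    # A node that has never hosted a vTPM VM may not have the store yet.
    if (-not (Test-Path $Store)) { New-Item -Path $Store | Out-Null }
    $have = (Get-ChildItem -Path $Store).Thumbprint
    foreach ($pfx in Get-ChildItem -Path $ExportDir -Filter *.pfx) {
        # File names end in "-<thumbprint>.pfx"; skip certificates already present.
        $thumb = $pfx.BaseName.Split('-')[-1]
        if ($have -contains $thumb) { continue }
        Import-PfxCertificate -FilePath $pfx.FullName -CertStoreLocation $Store `
            -Password $Password | Out-Null
        Write-Output "Imported $($pfx.Name)"
    }
    # The PFX files hold the keys that unlock every vTPM on the source host:
    # delete them once the import has been verified.
    Get-ChildItem -Path $Store | Select-Object Subject, Thumbprint, HasPrivateKey
    Remove-Item -Path (Join-Path $ExportDir '*.pfx') -Force
}

# On each source host:       Export-GuardianCerts -Password (Read-Host -AsSecureString 'PFX password')
# On each destination host:  copy the .pfx files to $ExportDir, then
#                            Import-GuardianCerts -Password (Read-Host -AsSecureString 'PFX password')
```

Every node needs the certificates of every other node a VM might have been created on, so run the export on each host and the import on all the others.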