Stone Equinox / Managing Shielded VM Certificates / Virtual Machine TPM certificates

Article ID: 970

Last updated: 17 Sep, 2025

Article ID: 970

Last updated: 17 Sep, 2025

Revision: 4

Posted: 15 Sep, 2025
by Andrew Sharrad

Updated: 17 Sep, 2025
by Andrew Sharrad

Stone Equinox / Managing Shielded VM Certificates / Virtual Machine TPM certificates

When you create a virtual machine with TPM in a Hyper-V host, certificates are created on the host for the encryption credentials.

If you move the virtual machine to a different host, the certificates must be available in order to boot or use the VM.

Microsoft recommend that you use the Host Guardian Service to manage these certificates in a Hyper-V Cluster. Alternatively, as a simpler solution, use the CHOPS program on a cluster to identify and copy the required certificates between all hosts.

Note: CHOPs is provided without any warranty, implied or otherwise

CHOPs only needs to be run on one host on the cluster, and should be run whilst logged on as a full administrator.

Applies to:

Stone Computers Equinox
Stone Computers Elysium
Most S2D Hyperconverged Platforms

This article was:

Article ID: 970

Last updated: 17 Sep, 2025

Revision: 4

Posted: 15 Sep, 2025 by Andrew Sharrad

Updated: 17 Sep, 2025 by Andrew Sharrad

Tags

s2d machine chops shielded vm guardian shielded certificates cert certs

Attached files

CHOPs_v1.0.5_(1000).Update.zip (14 kb)

« Stone Eclipse Drivers

Stone Equinox / Storage Spaces Direct (S2D) Hyper-V Cluster UPS... »

Stone Equinox / Managing Shielded VM Certificates / Virtual Machine TPM certificates

BBCode tips

Stone Equinox / Managing Shielded VM Certificates / Virtual Machine TPM certificates