When you create a virtual machine with TPM in a Hyper-V host, certificates are created on the host for the encryption credentials.
If you move the virtual machine to a different host, the certificates must be available in order to boot or use the VM.
Microsoft recommend that you use the Host Guardian Service to manage these certificates in a Hyper-V Cluster. Alternatively, as a simpler solution, use the CHOPS program on a cluster to identify and copy the required certificates between all hosts.
CHOPs only needs to be run on one host on the cluster, and should be run whilst logged on as a full administrator.
Applies to: