Hey Checkyourlogs Fans,

Today I was doing some maintenance and planned failovers using Veeam between a Server 2019 and 2022 S2D Cluster and ran into the following trying to start one of the VM’s.

The key protector could not be unwrapped. Details are included in the HostGuardianService-Client event log.

From Veeam it looks like this:

It just shows Failover Failed, but it is still in the Active Replica State. The only option is to undo the failover.

So we did that and then continued troubleshooting.

On the target VM we noticed the issue was that someone had enabled the Enable Trusted Platform Module checkbox in Hyper-V.

With this checkbox removed we were able to boot the VM.


With this unchecked, the VM will boot, but the setting change needs to be made on the source VM.

Once that is done, the VM will be able to successfully fail over and work.

Hope this helps you if you encounter this issue.