vTPM used for Bitlocker on DC - no more SureBackup

[StephanG]

Hi everyone,

I’m aware this might be “by design,” but it significantly limits the usefulness of SureBackup in real-world, compliance-driven environments.
To meet requirements from certifications like ISO27001, TISAX, and NIS 2.0, we’ve implemented full encryption using BitLocker on all our domain controllers and hypervisor hosts, with vTPM enabled.
We also rely on Veeam SureBackup for automated backup validation — which is itself a key part of these certifications.
Unfortunately, SureBackup fails to start our DCs due to vTPM/BitLocker protection, and as a result, all dependent systems (SQL Server, web servers, file servers, etc.) also fail during application testing.

There was a thread back in 2022 (VMware-related) discussing similar issues, but no solution was available at the time.
Is there any current workaround or best practice to make SureBackup work with vTPM-protected, BitLocker-encrypted VMs — ideally without compromising compliance?
Thanks in advance!

[Andreas Neufert]

Do you use original VMware Cluster for the SureBackup or a different host?

[StephanG]

I restore it to another host. I will now try to transfer the TPM certificate to this server and try again.

[StephanG]

That worked!
I transferred the certs and the VM started
Like this: https://techcommunity.microsoft.com/blo ... on/4430584