At the moment I am testing and working in my lab on the Shielded VM and Guarded Fabric scenario. Due to the fact that my Hyper-V hosts in my lab are not having any TPM chip, I am forced to use the AD-based attestation.
After a business trip I started my lab again and ran into this error message under the status tab in the properties of my Hyper-V hosts.
Error (20588)
Attestation failed on HV-02.neumanndaniel.local due to the following error: Attestation failed with a transient error. Try the operation again.Further details about this error are as follows:
– The Attestation server could not be reached. Ensure that the host is using the correct URL to connect to the Attestation Server.Recommended Action
Resolve all of the issues mentioned above, and then try the operation again.
Thanks to Uday Pandya one of the PMs for the Shielded VM and Guarded Fabric scenario for pointing me into the right direction.
Actually I do not know the cause why the forest trust between the Host Guardian Service domain and my lab domain was not in place anymore. But this was the reason for the error message. After reestablishing the forest trust the HGS Attestation Client status went to green again.
