CPI Unable to Upload file to an Encrypted vSphere Datastore

Article ID: 298070


Products

VMware Tanzu Application Service for VMs

Issue/Introduction

Product errands fail when uploading a file to a datastore that is encrypted. The error message below can be found in the task debug logs.
Creating missing vms: bosh-health-check/0b4b056e-37b2-478a-862a-706c207f8254 (0) (00:00:56)
L Error: Unknown CPI error 'Unknown' with message 'Could not transfer file 'https://paisasvc02.r1-core.r1.aig.net/folder/vm-a3f5f538-8d66-4910-9dd0-dc7a9adb23ed/env.json?dcPath=AM1_VC02&dsName=vsanDatastore_AM1_VC02_CORE_AZ1', received status code '500'' in 'create_vm' CPI method (CPI request ID: 'cpi-226444')
Task 148951 | 15:01:46 | Error: Unknown CPI error 'Unknown' with message 'Could not transfer file 'https://paisasvc02.r1-core.r1.aig.net/folder/vm-a3f5f538-8d66-4910-9dd0-dc7a9adb23ed/env.json?dcPath=AM1_VC02&dsName=vsanDatastore_AM1_VC02_CORE_AZ1', received status code '500'' in 'create_vm' CPI method (CPI request ID: 'cpi-226444')

In the CPI activity logs in vCenter, you will see the error message below, which references cryptographic access.
 
The session 'xx-xx-xx' does not have privilege Cryptographer.Access on entity [datastore]


Environment

Product Version: 2.8

Resolution

In vCenter, navigate to Access Control > Roles > Edit Roles > Cryptographic Operations and add the permissions below.
  • Cryptographic operations.Direct Access
  • Cryptographic operations.Add disk
  • Cryptographic operations.Clone
  • Cryptographic operations.Decrypt
  • Cryptographic operations.Encrypt
  • Cryptographic operations.Encrypt new
  • Cryptographic operations.Migrate
  • Cryptographic operations.Recrypt
  • Cryptographic operations.Register VM
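
The following triage script is an added example, not code from the original article or from VMware. It correlates the BOSH CPI error with the vCenter privilege denial and reports which of the privileges listed above are still missing from a role. The sample log lines, hostname and role contents are constructed, and the role's privilege list is assumed to have been exported from vCenter beforehand.

```python
import re
from urllib.parse import urlparse, parse_qs

# Privilege ID -> display name from the Resolution list. Only Cryptographer.Access
# is quoted on the page; the other IDs are the vSphere API names for those entries.
REQUIRED = {
    "Cryptographer.Access": "Direct Access", "Cryptographer.AddDisk": "Add disk",
    "Cryptographer.Clone": "Clone", "Cryptographer.Decrypt": "Decrypt",
    "Cryptographer.Encrypt": "Encrypt", "Cryptographer.EncryptNew": "Encrypt new",
    "Cryptographer.Migrate": "Migrate", "Cryptographer.Recrypt": "Recrypt",
    "Cryptographer.RegisterVM": "Register VM",
}
CPI_RE = re.compile(
    r"Could not transfer file '(?P<url>[^']+)', received status code '(?P<status>\d+)''"
    r" in '(?P<method>\w+)' CPI method \(CPI request ID: '(?P<req>[^']+)'\)")
VC_RE = re.compile(r"does not have privilege (?P<priv>[\w.]+) on entity (?P<entity>\S+)")

# Constructed sample input (hostname, IDs and role contents are made up).
SAMPLE_CPI = ("Error: Unknown CPI error 'Unknown' with message 'Could not transfer file "
              "'https://vcenter.example.internal/folder/vm-0000/env.json?dcPath=DC1"
              "&dsName=encryptedDS', received status code '500'' in 'create_vm' CPI "
              "method (CPI request ID: 'cpi-000001')")
SAMPLE_VC = "The session 'xx-xx-xx' does not have privilege Cryptographer.Access on entity [datastore]"
SAMPLE_ROLE = ["System.View", "System.Read", "Datastore.FileManagement", "Cryptographer.Clone"]

def parse_cpi_error(line):
    """Extract status, CPI method, request ID and target datastore from the BOSH error."""
    m = CPI_RE.search(line)
    if not m:
        return None
    url = urlparse(m["url"])
    qs = parse_qs(url.query)
    return {"status": int(m["status"]), "method": m["method"], "request_id": m["req"],
            "path": url.path, "datastore": qs.get("dsName", [None])[0]}

def diagnose(cpi_line, vc_line, role_privs):
    """Correlate both log lines and list the role's missing cryptographic privileges."""
    cpi = parse_cpi_error(cpi_line)
    vc = VC_RE.search(vc_line)
    denied = vc["priv"] if vc else None
    hit = bool(cpi and cpi["status"] == 500 and cpi["path"].startswith("/folder/")
               and denied in REQUIRED)
    missing = [p for p in REQUIRED if p not in set(role_privs)] if hit else []
    return {"encrypted_datastore_denial": hit, "denied": denied,
            "datastore": cpi["datastore"] if cpi else None, "to_add": missing}

if __name__ == "__main__":
    for priv in diagnose(SAMPLE_CPI, SAMPLE_VC, SAMPLE_ROLE)["to_add"]:
        print(f"add: Cryptographic operations.{REQUIRED[priv]} ({priv})")
```

Granting only the privileges reported as missing keeps the CPI service account's role limited to what the resolution calls for.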