Unable to Backup Native Key Provider when VMware vCenter unset Hostname.

Article ID: 312030


Products

VMware vSphere ESXi

Issue/Introduction

This article provides a workaround for when backing up a Native Key Provider fails because the VMware vCenter hostname is unset.

Symptoms

Backing up the Native Key Provider fails.

Environment

VMware vSphere ESXi 8.0.x
VMware vSphere ESXi 7.0.3

Cause

The URL for downloading the backup file depends on the hostname. If the vCenter hostname is unset, the URL cannot be used to download the backup file.

Resolution

This is a known issue.


Workaround

    1. Run the dcli export command, which returns a bearer token and a file path:

      root@localhost [ ~ ]# dcli com vmware vcenter cryptomanager kms providers export --provider <nkp_name>
      location:
           download_token:
              expiry: 2022-03-23T23:12:34.000Z
               token: ############.##########gwNzcxNTQsInBhc3N3ZCI6Iip0eThqTy8wVnBYT1FNOUk1Z2tjRGh2aFdmRkt4WGVOZzI2T1J5ck1Iva21zL2twIn0.tSRvNMhYW5pwPIkv0T3bWuen5nUW_j2fnOtrwz#####
           url: https://localhost/cryptomanager/kms/nkp_name

      Type: LOCATION

    2. Download the file:
      Replace localhost with the vCenter IP in the URL, and put the token after Bearer.
       wget 'https://<VCIP>/cryptomanager/kms/nkp_name' --header 'Authorization: Bearer <token from step1>'

Note: To list the Native Key Provider names, run: dcli com vmware vcenter cryptomanager kms providers list

- nkp_name in the above commands stands for the Native Key Provider name. The content between <> must be replaced with the actual value.
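
The two workaround steps can be scripted so that the token expiry is checked and only the host part of the exported URL is changed. This is an added example, not part of the original article or of VMware tooling; the function names, the dummy token and the 192.0.2.10 address are assumptions made for illustration.

```shell
# Added example (not VMware tooling): parse step-1 output, build the step-2 URL.

# Print the value of one "key: value" field from export output on stdin.
nkp_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
            print line; exit
        }'
}

# Replace only the host part of the exported URL with the vCenter IP.
nkp_rewrite_url() {  # $1 = exported url, $2 = vCenter IP
    case "$1" in
        https://*/*) ;;
        *) echo "unexpected URL: $1" >&2; return 1 ;;
    esac
    path=${1#https://}
    printf 'https://%s/%s\n' "$2" "${path#*/}"
}

# Succeed while the expiry is in the future. Assumes the fixed-width UTC
# format shown in step 1, so plain string comparison orders timestamps.
nkp_token_valid() {  # $1 = expiry, $2 = "now" override (optional)
    now=${2:-$(date -u +%Y-%m-%dT%H:%M:%S.000Z)}
    awk -v n="$now" -v e="$1" 'BEGIN { exit !((n "") < (e "")) }'
}

# Read export output on stdin; print the download URL or fail if expired.
nkp_download_url() {  # $1 = vCenter IP, $2 = "now" override (optional)
    out=$(cat)
    url=$(printf '%s\n' "$out" | nkp_field url)
    expiry=$(printf '%s\n' "$out" | nkp_field expiry)
    nkp_token_valid "$expiry" "$2" || { echo "token expired: $expiry" >&2; return 1; }
    nkp_rewrite_url "$url" "$1"
}

# Constructed sample in the shape of the step-1 output (token is a dummy).
SAMPLE='location:
     download_token:
        expiry: 2022-03-23T23:12:34.000Z
        token: CONSTRUCTED.SAMPLE.TOKEN
     url: https://localhost/cryptomanager/kms/nkp_name

Type: LOCATION'

# 192.0.2.10 is a documentation address standing in for <VCIP>.
printf '%s\n' "$SAMPLE" | nkp_download_url 192.0.2.10 2022-03-23T23:00:00.000Z
```

On the vCenter appliance, pipe the real export output into `nkp_download_url <VCIP>` and use the printed URL, together with the value from `nkp_field token`, in the wget command from step 2.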