Unable to back up Native Key Provider when the vCenter hostname is unset

Article ID: 312030

Products

VMware vSphere ESXi

Issue/Introduction

This article provides a workaround for when backing up a Native Key Provider fails because the vCenter hostname is unset.


Symptoms:

Backing up the Native Key Provider fails.


Environment

VMware vSphere ESXi 8.0.x
VMware vSphere ESXi 7.0.3

Cause

The URL for downloading the backup file depends on the vCenter hostname, so if the hostname is unset, the URL cannot be used to download the backup file.

Resolution

VMware is aware of this issue and working to resolve this in a future release.


Workaround:

Follow the workaround below:
Step 1: Run the dcli export command. It returns a bearer token and the file location (url).

root@localhost [ ~ ]# dcli com vmware vcenter cryptomanager kms providers export --provider nkp_name
location:
     download_token:
        expiry: 2022-03-23T23:12:34.000Z
         token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDgwNzcxNTQsInBhc3N3ZCI6Iip0eThqTy8wVnBYT1FNOUk1Z2tjRGh2aFdmRkt4WGVOZzI2T1J5ck1Iva21zL2twIn0.tSRvNMhYW5pwPIkv0T3bWuen5nUW_j2fnOtrwzJbBSU
     url: https://localhost/cryptomanager/kms/nkp_name

Type: LOCATION

Step 2: Download the file:
Replace localhost in the url with the vCenter IP address, and put the token after Bearer in the Authorization header.
 wget 'https://172.16.33.132/cryptomanager/kms/nkp_name' --header 'Authorization: Bearer eyJhbGciOiJ...fnOtrwzJbBSU'

 

*** To list Native Key Provider names, run: dcli com vmware vcenter cryptomanager kms providers list. In this example, nkp_name is the provider name. ***
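
The two workaround steps combined into shell helpers, as an added example that is not part of the original article or VMware's tooling: it parses the Step 1 output, swaps the host in the url, refuses a non-HTTPS url or an expired token, and then issues the Step 2 request. The function names, the sample output and its token value are constructed for illustration.

```shell
# Added example: helpers for Steps 1-2. Function names are hypothetical.
# Constructed sample in the shape of the dcli export output shown above.
SAMPLE_EXPORT='location:
     download_token:
        expiry: 2022-03-23T23:12:34.000Z
         token: CONSTRUCTED.SAMPLE.TOKEN
     url: https://localhost/cryptomanager/kms/nkp_name

Type: LOCATION'

# nkp_field NAME: print the value of the "NAME: value" line read from stdin.
nkp_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# nkp_rewrite_url URL HOST: replace only the host part; reject anything but https
# so the bearer token is never sent over a cleartext connection.
nkp_rewrite_url() {
    case "$1" in
        https://*/*) printf 'https://%s/%s\n' "$2" "${1#https://*/}" ;;
        *) echo "unexpected url: $1" >&2; return 1 ;;
    esac
}

# nkp_token_live EXPIRY NOW: succeed if EXPIRY is later than NOW. Both are UTC
# timestamps in the same fixed-width form, so a string comparison orders them.
nkp_token_live() {
    awk -v e="$1" -v n="$2" 'BEGIN { exit !((e "") > (n "")) }'
}

# nkp_download VCENTER_IP: read the Step 1 output on stdin and fetch the backup.
nkp_download() {
    out=$(cat)
    token=$(printf '%s\n' "$out" | nkp_field token)
    expiry=$(printf '%s\n' "$out" | nkp_field expiry)
    url=$(nkp_rewrite_url "$(printf '%s\n' "$out" | nkp_field url)" "$1") || return 1
    now=$(date -u +%Y-%m-%dT%H:%M:%S.000Z)
    nkp_token_live "$expiry" "$now" ||
        { echo "token expired at $expiry, run the export again" >&2; return 1; }
    # Same request as Step 2; the token is what authorizes the download.
    wget "$url" --header "Authorization: Bearer $token"
}
```

Feed the Step 1 output to nkp_download on stdin and pass the vCenter IP address as its only argument.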