This article provides workaround when encountered backup Native Key Provider failed by VMware vCenter unset hostname.

Symptoms

The URL of download backup file depends on hostname. So, if vCenter unset hostname, the URL cannot be used to download the backup file.

This is a known issue.

Workaround

1. 1. Using dcli export command, this gives a bearer token & file path
      
      root@localhost [ ~ ]# dcli com vmware vcenter cryptomanager kms providers export --provider <nkp_name>
      Username: [email protected]
      Password: **********
      Do you want to save credentials in the credstore? (y or n) [y]:n
      location:
           download_token:
              expiry: [YYYY-MM-DDTHH:MM:SS]
               token: <alphanumeric token ID>
           url: https://localhost/cryptomanager/kms/nkp_name
      Type:location
      
      
   2. Download the file:
      replace localhost with vCenter IP in the url, and put token after Bearer.
       wget 'https://<VCIP>/cryptomanager/kms/nkp_name' --header 'Authorization: Bearer <token from step1>'

Note: To list native key provider name, run: dcli com vmware vcenter cryptomanager kms providers list 

- When prompted for Username and Password in step 1, enter the Username and Password of the SSO Admin user　(default:[email protected]). No need to save to in the credstore.

- nkp_name in the above command stands for Native Key provider name. The content between <> needs to be replaced with the actual value.