Scheduled file-based backups in vCenter are failing with "Access denied"
search cancel

Scheduled file-based backups in vCenter are failing with "Access denied"

book

Article ID: 370701

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Scheduled backups are not working for vCenter Server, while manual backups are working just fine.
  • The working manual backups are configured with same configuration (same target path and the same login credentials).
  • When trying to update the scheduled backup tasks using the parameters in the backup schedule, an error message appears, saying:

Access denied.

Environment

vCenter Server 7.x

 

Cause

This issue occurs when the certificate store APPLMGMT_PASSWORD was deleted from the vCenter VECS. vCenter uses this store to save the appliance management password for scripted (automated) tasks in an encrypted format, which requires the store to exist.

 

 

 

 

Resolution

  • To identify the issue, try to list the entries in the APPLMGMT_PASSWORD using vecs-cli:

# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store APPLMGMT_PASSWORD

  • The output will look similar to the example below:

vecs-cli failed. Error 4312: Possible errors:

LDAP error: Unknown (extension) error

Win Error: Operation failed with error ERROR_OBJECT_NOT_FOUND (4312)

  • To further confirm the error, review /var/log/vmware/vmafd/vmafdd.log and look for the following entries:

[vmafdd][INFO]  VecsSrvDeleteCertStore: Deleting Certificate Store APPLMGMT_PASSWORD

[vmafdd][INFO] [OPID :vecs-cli_xxxxx_1] Entering VecsIpcDeleteCertStore

 

  • To solve this error, run the following command to recreate the APPLMGMT_PASSWORD store, then recreate the scheduled backup task:

# /usr/lib/vmware-vmafd/bin/vecs-cli store create --name APPLMGMT_PASSWORD

Powered by Wolken Software