Cannot backup vSphere Native Key Provider - 404 Not found

Article ID: 381781

Updated On:

Products

VMware vCenter Server 8.0

VMware vCenter Server 7.0

Issue/Introduction

Attempting to back up the vSphere Native Key Provider via the vSphere Client does not work.

No errors are thrown.

When hitting the "Back up Key Provider" button, nothing happens.

When attempting to back up the vSphere Native Key Provider on the command line with curl or wget, a "404: Not Found" error is thrown, e.g.:

wget --no-check-certificate --header 'Authorization: Bearer eyJhbGciOiJIUzI < SNIP >NoWneWirU' https://localhost/cryptomanager/kms/test
--2024-11-12 14:56:17--  https://localhost/cryptomanager/kms/test
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:443... connected.
WARNING: no certificate subject alternative name matches
        requested host name ‘localhost’.
HTTP request sent, awaiting response... 404 Not Found
2024-11-12 14:56:17 ERROR 404: Not Found.

 

The /var/log/vmware/envoy/envoy-access.log log file has "404 route_not_found" entries for the NKP backup tasks, e.g.:

2024-11-12T15:13:12.327Z info envoy[612280] [Originator@6876 sub=Default] 2024-11-12T15:13:05.789Z GET /cryptomanager/kms/test 404 route_not_found NR 0 0 - 0 - - 192.###.#.##:59317 HTTP/2 TLSv1.2 192.###.#.##:443 - - - - - -

Environment

vCenter Server Appliance 7.x

vCenter Server Appliance 8.x

Cause

The /etc/vmware-rhttpproxy/endpoints.conf.d/vpxd.conf file is missing, has incorrect entries, or has incorrect permissions.

vpxd.conf contents on 8.0 U3:

# Endpoint               Connection-type  Endpoint-address                     HTTP-access-Mode  HTTPS-access-mode
/                        namedpipe        /var/run/vpxd/vpxd-webserver-pipe    redirect          allow
# To support direct access to vpxd without going through API proxy
/Query                   found            8080                                 allow             reject

Permissions:

ls -ltrha vpxd.conf
-rw-r--r-- 1 rhttpproxy rhttpproxy 387 Nov 12 15:33 vpxd.conf

Resolution

Rectify any issues with the /etc/vmware-rhttpproxy/endpoints.conf.d/vpxd.conf file.

Restart the services on the vCenter:

  1. service-control --stop --all
  2. service-control --start --all
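
One way to check the file before restarting services, as an added example that is not part of the original article or VMware tooling. The function name check_endpoint_conf is hypothetical; the default owner, mode and "/" route are taken from the 8.0 U3 listing above and are assumed to be the reference state, so other builds may differ.

```shell
#!/bin/bash
# Added example: compare a rhttpproxy endpoint file with the reference
# state shown in this article (owner, mode, "/" route, five columns per entry).
# Usage: check_endpoint_conf [file] [owner:group] [mode]
# Returns 0 = matches, 1 = present but deviates, 2 = file missing.
check_endpoint_conf() {
    local conf="${1:-/etc/vmware-rhttpproxy/endpoints.conf.d/vpxd.conf}"
    local want_owner="${2:-rhttpproxy:rhttpproxy}"   # from the ls output above
    local want_mode="${3:-644}"                      # -rw-r--r--
    local rc=0 owner mode

    if [ ! -f "$conf" ]; then
        echo "MISSING: $conf"
        return 2
    fi

    owner=$(stat -c '%U:%G' "$conf")
    mode=$(stat -c '%a' "$conf")
    [ "$owner" = "$want_owner" ] || { echo "OWNER: $owner (expected $want_owner)"; rc=1; }
    [ "$mode" = "$want_mode" ]   || { echo "MODE: $mode (expected $want_mode)"; rc=1; }

    # The "/" entry pointing at the vpxd named pipe must be present and uncommented.
    if ! awk '$1=="/" && $2=="namedpipe" && $3=="/var/run/vpxd/vpxd-webserver-pipe" &&
              $4=="redirect" && $5=="allow" {found=1} END {exit !found}' "$conf"; then
        echo "ROUTE: no '/ namedpipe /var/run/vpxd/vpxd-webserver-pipe redirect allow' entry"
        rc=1
    fi

    # Every non-blank, non-comment line needs the five columns named in the header.
    awk 'NF && $1 !~ /^#/ && NF!=5 {printf "FIELDS: line %d has %d fields\n", NR, NF; bad=1}
         END {exit bad}' "$conf" || rc=1

    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}

# When run as a script with arguments, check the given file.
if [ "$#" -gt 0 ]; then check_endpoint_conf "$@"; fi
```

Called with no arguments inside a sourced shell on the appliance, the function checks the live vpxd.conf path named in this article.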

Additional Information

This can also cause problems when downloading Root SSL certificates from the UI.