Attempting to back up the vSphere Native Key Provider via vSphere Client does not work
No errors are thrown.
When hitting the "Back up Key Provider" button, nothing happens.
When attempting to back up the vSphere Native Key Provider on the command line with curl or wget, a "404: Not Found" error is thrown, e.g.:
wget --no-check-certificate --header 'Authorization: Bearer eyJhbGciOiJIUzI < SNIP >NoWneWirU' https://localhost/cryptomanager/kms/test
--2024-11-12 14:56:17-- https://localhost/cryptomanager/kms/test
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:443... connected.
WARNING: no certificate subject alternative name matches
requested host name ‘localhost’.
HTTP request sent, awaiting response... 404 Not Found
2024-11-12 14:56:17 ERROR 404: Not Found.
The /var/log/vmware/envoy/envoy-access.log log file has "404 route_not_found" entries for the NKP backup tasks, e.g:
2024-11-12T15:13:12.327Z info envoy[612280] [Originator@6876 sub=Default] 2024-11-12T15:13:05.789Z GET /cryptomanager/kms/test 404 route_not_found NR 0 0 - 0 - - 192.###.#.##:59317 HTTP/2 TLSv1.2 192.###.#.##:443 - - - - - -
vCenter Server Appliance 7.x
vCenter Server Appliance 8.x
The /etc/vmware-rhttpproxy/endpoints.conf.d/vpxd.conf file is missing, has incorrect entries, or has incorrect permissions.
vpxd.conf contents on 8.0 U3:
# Endpoint Connection-type Endpoint-address HTTP-access-Mode HTTPS-access-mode
/ namedpipe /var/run/vpxd/vpxd-webserver-pipe redirect allow
# To support direct access to vpxd without going through API proxy
/Query found 8080 allow reject
Permissions:
ls -ltrha vpxd.conf
-rw-r--r-- 1 rhttpproxy rhttpproxy 387 Nov 12 15:33 vpxd.conf
Rectify any issues with the /etc/vmware-rhttpproxy/endpoints.conf.d/vpxd.conf file.
Restart the services on the vCenter:
This can also cause problems when downloading Root SSL certificates from the UI.
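
One way to check vpxd.conf for the three conditions named as the cause above (file missing, incorrect permissions, incorrect entries), as an added example that is not part of the original article or of VMware's tooling. The function name check_vpxd_conf is hypothetical, and the expected mode, owner and entries are assumed from the 8.0 U3 listing above; other versions may differ.

```shell
#!/bin/sh
# Added example: checks vpxd.conf against the values shown in this article.
# check_vpxd_conf is a hypothetical helper, not a VMware-supplied command.

VPXD_CONF_DEFAULT=/etc/vmware-rhttpproxy/endpoints.conf.d/vpxd.conf

# Usage: check_vpxd_conf [path] [owner:group]
# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.
check_vpxd_conf() {
    conf=${1:-$VPXD_CONF_DEFAULT}
    want_owner=${2:-rhttpproxy:rhttpproxy}
    rc=0

    # Condition 1: the file is missing
    if [ ! -f "$conf" ]; then
        echo "MISSING: $conf"
        return 1
    fi

    # Condition 2: permissions/ownership differ from the article's ls output
    # (-rw-r--r-- rhttpproxy rhttpproxy). Uses GNU coreutils stat.
    mode=$(stat -c '%a' "$conf")
    owner=$(stat -c '%U:%G' "$conf")
    [ "$mode" = "644" ] || { echo "MODE: $mode (expected 644)"; rc=1; }
    [ "$owner" = "$want_owner" ] || { echo "OWNER: $owner (expected $want_owner)"; rc=1; }

    # Condition 3: an entry from the 8.0 U3 listing is absent.
    # Comment lines are ignored and runs of whitespace are collapsed first.
    entries=$(grep -v '^[[:space:]]*#' "$conf" | awk 'NF {$1=$1; print}')
    for want in \
        "/ namedpipe /var/run/vpxd/vpxd-webserver-pipe redirect allow" \
        "/Query found 8080 allow reject"
    do
        printf '%s\n' "$entries" | grep -qxF -- "$want" \
            || { echo "ENTRY: missing '$want'"; rc=1; }
    done
    return $rc
}
```

Run with no arguments on the appliance to check the default path; it only reads the file and reports presence of the listed entries, not unexpected extra ones.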