"Back up of Native Key Provider has failed."


Article ID: 404088


Products

VMware vCenter Server

Issue/Introduction

  • On vCenter, the Native Key Provider (NKP) backup fails with the error "Back up of Native Key Provider has failed."
  • /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log reports the following:

    [YYYY-MM-DDTHH:MM:SS.751+01:00] [ERROR] data-service-pool-540        ##### #### ##### c.vmware.vsphere.client.folder.impl.VCenterKmipPropertyProvider   Failed to retrieve getDefaultKmsCluster java.lang.NullPointerException: null
       at com.vmware.vsphere.client.folder.impl.VCenterKmipPropertyProvider.getDefaultKmsClusterId(VCenterKmipPropertyProvider.java:498)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:498)
            at com.vmware.vise.data.query.impl.ServicePropertyProviderAdapter.invokeMethod(ServicePropertyProviderAdapter.java:285)
            at com.vmware.vise.data.query.impl.ServicePropertyProviderAdapter.getProperties(ServicePropertyProviderAdapter.java:127)
            at com.vmware.vise.data.query.impl.DataManager.getDataFromPropertyProvider(DataManager.java:1204)
            at com.vmware.vise.data.query.impl.DataManager.getResultFromPropertyProvider(DataManager.java:1165)
            at com.vmware.vise.data.query.impl.DataManager.access$000(DataManager.java:80)
            at com.vmware.vise.data.query.impl.DataManager$1.call(DataManager.java:929)
            at com.vmware.vise.data.query.impl.DataManager$1.call(DataManager.java:925)
            at com.vmware.vise.util.concurrent.ExecutorUtil$2.call(ExecutorUtil.java:826)
            at com.vmware.vise.util.concurrent.ExecutorUtil$ThreadContextPropagatingTask.call(ExecutorUtil.java:1240)
            at io.opentelemetry.context.Context.lambda$wrap$2(Context.java:224)
            at com.vmware.vise.data.query.impl.DataServiceThreadPoolDecorator$1.call(DataServiceThreadPoolDecorator.java:192)
            at java.util.concurrent.FutureTask.run(FutureTask.java:266)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
            at java.lang.Thread.run(Thread.java:750)

    [YYYY-MM-DDTHH:MM:SS.994+01:00] [WARN ] p-nio-127.0.0.1-5090-exec-16 70000725 100016 200006 com.vmware.vise.actionsfw.impl.ActionImpl                         Action vsphere.core.folder.keyProvider.addTrusted has no visual representation.
    [YYYY-MM-DDTHH:MM:SS.994+01:00] [WARN ] p-nio-127.0.0.1-5090-exec-16 70000725 100016 200006 com.vmware.vise.actionsfw.impl.ActionImpl                         Action vsphere.core.folder.keyProvider.makeDefault has no visual representation.
    [YYYY-MM-DDTHH:MM:SS.994+01:00] [WARN ] p-nio-127.0.0.1-5090-exec-16 70000725 100016 200006 com.vmware.vise.actionsfw.impl.ActionImpl                         Action vsphere.core.folder.keyProvider.add.native has no visual representation.

Environment

VMware vCenter Server 7.x
VMware vCenter Server 8.x

Cause

This issue is caused by a mismatch between the vCenter FQDN and the PNID (Primary Network Identifier).

Resolution

  • Verify whether there is a mismatch between the vCenter FQDN and the PNID:
  1. Log in to the vCenter via SSH.
  2. Run the following command to verify the vCenter PNID:

    /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

  3. Run the following command to verify the hostname:

    hostname -f

Ensure there is a valid backup or offline snapshot of the VCSA before making any changes. Refer to VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice.

  • If a mismatch is found between the vCenter FQDN and the PNID, update the vCenter FQDN to match the PNID:

    /opt/vmware/share/vami/vami_set_hostname <PNID>

Once the vCenter FQDN and PNID are identical, you should be able to successfully back up the Native Key Provider.
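
A read-only check that combines the log symptom and the PNID/FQDN comparison from the steps above, as an added example and not VMware's own tooling. The function names (`trim`, `compare_identity`, `count_signature`) are hypothetical, and reporting a case-only difference separately is an assumption drawn from the article's requirement that the two values be identical.

```shell
#!/bin/sh
# Added example: read-only triage for the NKP backup failure in this article.
# Paths are the ones shown in the article; function names are hypothetical.
VMAFD_CLI=/usr/lib/vmware-vmafd/bin/vmafd-cli
UI_LOG=/var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log

# trim VALUE: drop carriage returns and leading/trailing whitespace.
trim() {
    printf '%s' "$1" | tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# compare_identity PNID FQDN
# Prints match | case-mismatch | mismatch | empty; returns 0 only on match.
# Any difference counts as a mismatch because the article requires the values
# to be identical; case-only differences are named to make them easy to spot.
compare_identity() {
    ci_pnid=$(trim "$1")
    ci_fqdn=$(trim "$2")
    if [ -z "$ci_pnid" ] || [ -z "$ci_fqdn" ]; then echo empty; return 3; fi
    if [ "$ci_pnid" = "$ci_fqdn" ]; then echo match; return 0; fi
    ci_lp=$(printf '%s' "$ci_pnid" | tr '[:upper:]' '[:lower:]')
    ci_lf=$(printf '%s' "$ci_fqdn" | tr '[:upper:]' '[:lower:]')
    if [ "$ci_lp" = "$ci_lf" ]; then echo case-mismatch; return 1; fi
    echo mismatch
    return 2
}

# count_signature FILE: number of lines carrying the error text quoted in
# Issue/Introduction. Prints 0 when the file is missing or unreadable.
count_signature() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cF 'Failed to retrieve getDefaultKmsCluster' "$1" || true
}

# Run the live check only on a host that has vmafd-cli (a vCenter appliance).
if [ -x "$VMAFD_CLI" ]; then
    pnid=$("$VMAFD_CLI" get-pnid --server-name localhost)
    fqdn=$(hostname -f)
    echo "log signature hits: $(count_signature "$UI_LOG")"
    echo "PNID=$pnid FQDN=$fqdn result=$(compare_identity "$pnid" "$fqdn" || true)"
fi
```

The script changes nothing on the appliance; a result other than `match` means the hostname step above still applies.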

Additional Information

If the vCenter PNID is incorrect and needs to be changed, follow one of these KBs:

Reconfigure the Primary Network Identifier
Cannot change the vCenter Server or Platform Service Controller 6.x hostname on versions prior to vCenter Server 6.7 Update 3

Also be sure to check the browser developer console (F12), which will give additional information about the error.