Warning: "Unable to fetch key provider details on host.get provider info error, please check the health logs" on vSAN Skyline Health
search cancel

Warning: "Unable to fetch key provider details on host.get provider info error, please check the health logs" on vSAN Skyline Health

book

Article ID: 404574

calendar_today

Updated On:

Products

VMware vSAN

Issue/Introduction

Symptoms:

  • For one of the ESXi hosts under - vSAN skyline health - vCenter and all hosts are connected to Key Management Servers - Hosts KMS status shows the below error.

Unable to fetch key provider details on host.get provider info error, please check the health logs.

  • Example UI error would be as below.

Environment

VMware vSAN 7.x

VMware vSAN 8.x

VMware vSAN 9.x

Cause

  • The issue is seen when there is a connectivity issues between vCenter and ESXi host when there is Native Key Provider used for encryption.

  • Upon checking the ESXi logs /var/log/kmxa.log shows the below events.

2025-07-16T06:38:06.822Z info kmxa[2099193] [Originator@6876 sub=Default opID=opId-vmcrypt-vapi-2025-07-16T06:38:06.475157Z-9f] Invoke-MethodId: com.vmware.esx.trusted_infrastructure.kms.providers.list
2025-07-16T06:38:06.856Z info kmxa[2099190] [Originator@6876 sub=Default opID=opId-vmcrypt-vapi-2025-07-16T06:38:06.475157Z-9f] Invoke-MethodId: com.vmware.esx.trusted_infrastructure.kms.providers.create
2025-07-16T06:38:06.856Z error kmxa[2099190] [Originator@6876 sub=Default opID=opId-vmcrypt-vapi-2025-07-16T06:38:06.475157Z-9f] MethodResult [FAIL] (MethodId:com.vmware.esx.trusted_infrastructure.kms.providers.create),Error:
-->    com.vmware.vapi.std.errors.unauthorized
--> No messages!

  • Upon checking vCenter server logs /var/log/vmware/vpxd/vpxd.log the events would be reported.

2025-07-16T06:38:06.843Z info vpxd[52504] [Originator@6876 sub=vpxLro opID=sps-Main-217991-924-218018-c9] [VpxLRO] -- FINISH lro-674169718
2025-07-16T06:38:06.860Z error vpxd[26140] [Originator@6876 sub=CryptoManager opID=SWI-3162604f] Failed to call vAPI to create native key provider with provider ID NKP-Key on host [vim.HostSystem:host-1625,esxi.example.com]:
--> {
-->     "ERROR": {
-->         "com.vmware.vapi.std.errors.unauthorized": {
-->             "data": {
-->                 "OPTIONAL": null
-->             },
-->             "error_type": {
-->                 "OPTIONAL": "UNAUTHORIZED"
-->             },
-->             "messages": []
-->         }
-->     }
--> }
2025-07-16T06:38:06.860Z error vpxd[26140] [Originator@6876 sub=CryptoManager opID=SWI-3162604f] Failed to invoke "Providers.Create" on host esxi.example.com.
--> Error:
-->    com.vmware.vapi.std.errors.unauthorized
--> No messages!

Resolution

  • In order to resolve the issue, the communication issues between the vCenter and ESXi should be fixed.

  • Check for the network communication issues between vCenter and host.

  • If the network communication is healthy, fix the trust issues between host and KMS provider (vCenter server) using the instructions below.

Disconnect the host from vCenter and reconnect.

    • Login to vCenter server using vSphere client.
    • Navigate to Home Hosts and Clusters and select a host.
    • Right-click the host and select Connection Disconnect from the pop-up menu.
    • When the managed host’s connection status to vCenter Server is changed, the statuses of the virtual machines on that managed host are updated to reflect the change.

Once the host show in disconnected state, reconnect the host back on vCenter server.

    • Navigate to Home Hosts and Clusters and select a host.
    • Right-click the host and select Connection Connect from the pop-up menu.
    • When the managed host’s connection status to vCenter Server is changed, the statuses of the virtual machines on that managed host are updated to reflect the change.

  • Also, we can restart the vCenter services and check for the issue. refer: Stop, Start or Restart Services on vCenter Server 7.x/8.x

Powered by Wolken Software