While trying to back up SDDC Manager, the following error is encountered:
Could not retrieve the fingerprint of the SFTP server. Please check that the server is accessible from the management network and re-enter the IP address. Failed to fetch fingerprint for the given backup server mft.carilion.com and port 22.
/var/log/vmware/vcf/operationsmanager/operationsmanager.log
YYYY-MM-DDTHH:MM:SS+0000 INFO [vcf_om,558ec9a07bc64cab,eaf8] [c.v.v.c.f.p.b.r.v.BackupLocationValidator,http-nio-127.0.0.1-7300-exec-8] ERROR_CODE, SSH_CONNECTION_FAILED_IO_ERROR
YYYY-MM-DDTHH:MM:SS+0000 ERROR [vcf_om,558ec9a07bc64cab,eaf8] [c.v.v.c.f.p.b.r.v.BackupLocationValidator,http-nio-127.0.0.1-7300-exec-8] SSH connection failed for ###.###.###.###(sftp server IP address)
YYYY-MM-DDTHH:MM:SS+0000 DEBUG [vcf_om,558ec9a07bc64cab,eaf8] [c.v.v.c.f.p.b.r.u.BackupLocationValidatorUtil,http-nio-127.0.0.1-7300-exec-8] Locale from LocaleContextHolder - en_US
YYYY-MM-DDTHH:MM:SS+0000 ERROR [vcf_om,558ec9a07bc64cab,eaf8] [c.v.v.i.b.i.TranslationMessage,http-nio-127.0.0.1-7300-exec-8] Can't find resource for bundle java.util.PropertyResourceBundle, key SSH_CONNECTION_IO_ERROR.remedy
YYYY-MM-DDTHH:MM:SS+0000 ERROR [vcf_om,558ec9a07bc64cab,eaf8] [c.v.v.i.b.i.TranslationMessage,http-nio-127.0.0.1-7300-exec-8] Can't find resource for bundle java.util.PropertyResourceBundle, key SSH_CONNECTION_IO_ERROR.error
YYYY-MM-DDTHH:MM:SS+0000 DEBUG [vcf_om,558ec9a07bc64cab,eaf8] [c.v.e.s.c.c.e.ValidationLocalizationTools,http-nio-127.0.0.1-7300-exec-8] Cannot find message for error code SSH_CONNECTION_IO_ERROR.error
YYYY-MM-DDTHH:MM:SS+0000 DEBUG [vcf_om,558ec9a07bc64cab,eaf8] [c.v.e.s.c.v.util.ResponseUtil,http-nio-127.0.0.1-7300-exec-8] Build validation response: {"errorCode":"SSH_CONNECTION_IO_ERROR.error","arguments":["###.###.###.###(sftp server IP address)"],"context":{"severity":"ERROR","bundleName":"com.vmware.evo.sddc.common.validation.errors.messages"},"message":"Failed to open ssh connection to ###.###.###.###(sftp server IP address). Please check if server supports and prefers SHA256 KEX algorithm.","cause":[{"type":"com.vmware.vcf.secure.ssh.errors.VcfSshException","message":"*****"}]}
YYYY-MM-DDTHH:MM:SS+0000 DEBUG [vcf_om,558ec9a07bc64cab,eaf8] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-8] Processing localizable exception Invalid parameter: Failed to open ssh connection to ###.###.###.###(sftp server IP address). Please check if server supports and prefers SHA256 KEX algorithm.
VCF 9.0.1
SDDC Manager 9.0.1
This occurs because the SFTP server in use does have a NIST key, which is required, but is not using SHA-256 or SHA-512 for the key algorithm. A connection to the SFTP server succeeds from the OS level, but the application level requires the SHA algorithms.
Configure the SFTP server to use the SHA-256 or SHA-512 algorithm, or use another server with those keys and algorithms, as outlined in this document.
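To confirm what the SFTP server offers before retrying the backup configuration, the following added example (not VMware code and not part of the original article) parses the server's SSH_MSG_KEXINIT message and reports its NIST host keys and SHA-256/SHA-512 key exchange algorithms. The function names, the `kexcheck` client identification string and the pass criteria in `assess` are assumptions based on the cause described above.

```python
import socket
import struct

FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
NIST_HOST_KEYS = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
ECDH_SHA2 = {"ecdh-sha2-nistp256", "ecdh-sha2-nistp521"}  # SHA-256, SHA-512 (RFC 5656)

def parse_kexinit(payload):
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        size = int.from_bytes(payload[offset:offset + 4], "big")
        raw = payload[offset + 4:offset + 4 + size]
        if offset + 4 > len(payload) or len(raw) != size:
            raise ValueError("truncated KEXINIT")
        lists[field] = raw.decode("ascii").split(",") if raw else []
        offset += 4 + size
    return lists

def uses_sha2(kex_name):
    """Assumption: the hash is inferred from the name; only SHA-256/512 count."""
    name = kex_name.split("@")[0]
    return name in ECDH_SHA2 or name.endswith(("-sha256", "-sha512"))

def assess(lists):
    """Assumed reading of the page's cause: NIST host key plus SHA-256/512 KEX."""
    kex = lists["kex"]
    return {"nist_host_keys": sorted(NIST_HOST_KEYS & set(lists["host_key"])),
            "sha2_kex": [k for k in kex if uses_sha2(k)],
            "first_kex_is_sha2": bool(kex) and uses_sha2(kex[0])}

def fetch_kexinit(host, port=22, timeout=10):
    """Read a live server's KEXINIT payload; no authentication is attempted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        if not any(line.startswith(b"SSH-") for line in stream):
            raise ConnectionError("no SSH identification string received")
        sock.sendall(b"SSH-2.0-kexcheck\r\n")
        length, padding = struct.unpack(">IB", stream.read(5))
        return stream.read(length - 1)[:length - 1 - padding]

def build_kexinit(kex, host_key):
    """Constructed sample payload for offline use; other name-lists are empty."""
    lists = [",".join(kex).encode(), ",".join(host_key).encode()] + [b""] * 8
    body = b"".join(len(raw).to_bytes(4, "big") + raw for raw in lists)
    return b"\x14" + bytes(16) + body + bytes(5)  # + first_kex_packet_follows, reserved
```

Against a live server, run `assess(parse_kexinit(fetch_kexinit(host)))` from a machine on the management network. An empty `sha2_kex` list alongside a non-empty `nist_host_keys` list matches the condition described in the cause above.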