NSX-T Backup Fails with Authentication Error 29115 Due to SFTP Server Connection Reset
search cancel

NSX-T Backup Fails with Authentication Error 29115 Due to SFTP Server Connection Reset

book

Article ID: 433233

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Attempts to configure or execute an NSX-T/NSX Manager backup to an external SFTP server fail. While the initial directory structure may be created, the process terminates with an authentication failure.

Symptoms:

  • UI Error: Authentication: Failed on Fileserver (Error Code: 29115)

  • Manual SFTP connectivity via CLI (sftp <user>@<ip>) from the Manager node may succeed, but the automated process fails.

 

  • Log entries in NSX-T Manager /var/log/syslog show:

2026-02-18T10:09:29.819Z napi.root.node.file-store.utils ERROR Unexpected ssh output: Connection reset by #.#.#.# port 22
2026-02-18T10:09:29.820Z napi.root.node.file-store.utils ERROR Unexpected ssh output: Connection closed
2026-02-18T10:09:29.820Z napi.root.node.file-store.utils ERROR OSError processing ssh command [Errno 5] Input/output error
Traceback (most recent call last):
  File "/opt/vmware/nsx-node-api/bin/python/management_api/napi/root/node/file_store/utils.py", line 603, in _ssh_cmd
    output = os_read(fd, 1024, True)
  File "/opt/vmware/nsx-node-api/bin/python/management_api/napi/root/node/file_store/utils.py", line 568, in os_read
    output = do_os_read(fd, n)
  File "/usr/lib/python3/dist-packages/gevent/os.py", line 93, in nb_read
    return _read(fd, n)
OSError: [Errno 5] Input/output error

 

  • Packet captures reveal a TCP RST (Reset) sent by the SFTP server.

Environment

VMware NSX

VMware NSX-T Data Center

Cause

The issue is caused by a "Multiple SSH connection blocked" security rule enabled on a vendor firewall (transit or destination) situated between the NSX Manager and the SFTP server.

Resolution

Identify the specific vendor firewall in the network path between the NSX-T Management Cluster and the SFTP server.

Modify the firewall security policy to exclude the NSX Manager VIP and Management IP addresses from the "Multiple SSH connection blocked" or "SSH Brute Force Protection" rule.

Alternatively, increase the threshold of allowed concurrent SSH connections/probes for the specific source IPs of the NSX-T nodes.

Validate the fix by initiating a manual backup from the NSX-T Manager UI (System > Lifecycle Management > Backup & Restore > Backup Now).

 

Powered by Wolken Software