NSX-T backup restore fails with bad passphrase error
search cancel

NSX-T backup restore fails with bad passphrase error


Article ID: 322452


Updated On:


VMware NSX Networking


  • You have updated NSX-T from 2.3 to 2.4 or above some time in the past and have had other subsequent upgrades.
  • You use a weak passphrase, that is one which is less that 8 characters, no numbers, no upper case or special characters.
  • If you need to restore the backup taken with a weak passphrase, this fails with passphrase error:
Restore process failed. 'Cluster' restore failure, possibly, due to a bad passphrase
bad pasphrase error short.png
  • In the NSX-T manager /var/log/syslog you can see the following error:
2021-09-21T09:23:00.293Z nsxt1.local.net NSX 5969 SYSTEM [nsx@6876 audit="true" comp="nsx-manager" level="INFO" subcomp="manager"] UserName:'admin' ModuleName:'common-services' >Operation:'PUT@/api/v1/cluster/backups/config' Operation status: 'failure' Error: Field level validation errors: {passphrase is too weak. It must be at least 8 characters long and contain at least one each: lowercase, uppercase, >numeric character and special character.}


VMware NSX-T Data Center


  • In previous versions of NSX-T, prior to NSX-T 2.4 the passphrase could be weak.
  • During subsequent upgrades the passphrase was never changed to be a strong passphrase.
  • Upgrades do not validate if the passphrase is strong.
  • Backups will continue to use the old weak passphrase.
  • If you need to restore a backup created with a newer version of NSX-T (2.4 onwards), the appliance requires a strong passphrase when configuring backups, but the backup is created using the weak passphrase.
  • Note, this is part of the restore process, deploy a new NSX-T appliance in the required version, (same as backup) and configure backup settings, before you can do the restore.
  • Therefore you are unable to restore a backup created in a newer version and encrypted with a weak passphrase.


Currently, there is no resolution.

Prior to upgrades, please check the passphrase used is strong, if unsure change it to be a strong passphrase and create a backup.
The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (any other non-space character).
If you read this article and you are unsure you are affected, please change the passphrase and make sure you are using a strong passphrase.