File-based VCSA backup over SCP not working against non-Linux SSH server

This post was originally published on this site

I’ve been attempting to test out the SCP option in the new File-based VCSA backup feature in 6.5 (specifically, I’m testing against 6.5.0e which is the latest as of today). My backup target is currently a Windows box running Bitvise SSH Server using a dedicated local account that is limited to file transfers only (no shell) and a virtual root directory.  The user config looks like this if anyone wants to try and reproduce locally.




I have verified that SCP file transfers to and from my VCSA to this SSH server using the account I configured work just fine. That is, I can SSH to vCenter, drop to the shell, and “scp filename backup@myserver:/” or “scp backup@myserver:/filename ./” and everything transfers successfully.


However, when I attempt to configure the backup job from the VCSA web UI, I get the following error.


Access to the remote server is denied. Check your credentials and permissions.


For reference, here are the values I used in the wizard. I also pre-created an empty “myfolder” in the virtual root.



When I check the logs on the SSH server, I see that the session was denied because it was attempting to execute a command, “Command execute request rejected.” This is exactly what I wanted it to do when I set the “No shell access” option. But why is VCSA trying to open a shell when it’s supposed to be using SCP?


So let’s dig into the log on the VCSA side.  I see this in /var/log/vmware/applmgmt/backupRestoreAPI.log:


[MainProcess:PID-2311] ERROR: Failed to validate SSH login at; sshCmd:[‘sshpass’, ‘-p’, ‘****’, ‘ssh’, ‘-o’, ‘ConnectTimeout=10’, ‘-o’, ‘StrictHostKeyChecking=no’, ‘-p’, ’22’, ‘-q’, ‘-l’, ‘****’, ‘’, ‘exit’], rc: 255, stdOut: , stdErr:


That definitely verifies that it was trying to open a shell. But why? Just to validate credentials in the wizard? Why not just SCP a zero byte file or something?  Again, I’ve already verified that plain old scp works just fine with the current configuration and the GUI and Docs all refer to this option specifically as “SCP” and not “SSH”.


In any case, now I’m curious what it will take to get it to work. So I modify the settings for the backup user to allow a shell. Bitvise has a few options for shells. But the only one that respects the virtual filesystem root folder is their BvShell option. From their help docs:


BvShell is a bash-like shell provided by the SSH Server. This is the only shell type which respects the virtual filesystem layout configured for the client in SSH Server settings. BvShell does not permit execution of arbitrary programs. It is intended to be enabled for clients limited to file transfer access that may wish to use commands (e.g. file copy) that their SFTP or SCP client might not provide. (emphasis mine)


Sounds great! The backup user should still be tied to the virtual root folder and limited to commands that are associated with file transfers. I run through the wizard again and make it through to where it seems to be starting the backup job. But it eventually errors out with the message,


BackupManager encountered an exception. Please check logs for details.


So, back to the logs. backupRestoreAPI.log is no help. It just confirms the job failed. There’s now a /var/log/vmware/applmgmt/backup.log though which has more details.


[MainProcess:PID-60326] ERROR: Failed to create dir /myfolder/ at; sshCmd:[‘sshpass’, ‘-p’, ‘****’, ‘ssh’, ‘-o’, ‘ConnectTimeout=10’, ‘-o’, ‘StrictHostKeyChecking=no’, ‘-p’, ’22’, ‘-q’, ‘-l’, u’****’, u’′, u’mkdir -p /myfolder/’], rc:2, stdOut:, stdErr:mkdir: Unexpected command parameter: -p.


So it’s trying to create the “myfolder” which I had already pre-created using “mkdir -p” and apparently the mkdir command in BvShell doesn’t support the “-p” option. So now we know not only does this “SCP” transfer method require a shell to execute commands. It is also expecting to have access to (presumably) GNU compatible binaries.


None of our other shell choices in Bitvise respect the virtual filesystem root. So at this point, we’re not going to satisfy the security folks even if we do manage to make this work. But in the interest of science, let’s see if we can go further and make it work.  The “Command Prompt” and “Powershell” options are going to be no good without installing Windows ports of those utilities or resorting to Cygwin. “Git access only” won’t work either.  But we do have a “bash” option that just needs to be pointed to an executable and this server already has Git for Windows installed which comes with Git Bash that might just do the trick. At the very least, it has a GNU mkdir that supports “-p”.


So we change the backup user’s shell to “bash” and point it to “C:Program FilesGitbinbash.exe”. We also change the virtual filesystem layout to “Allow full access” and update the Location we’re using in the Backup GUI to “”.  We make it through the Backup wizard GUI again and the job starts…and then fails with,


Error at process ComponentScriptsBackup; rc:1. For details please check the log file: /var/log/vmware/applmgmt/backup.log.


*sigh* Back to the log file where we find a lot more going on but there’s some sort of error with cat following a tar command?


[LotusBackup:PID-6322] INFO: BackupLotus: Dispatching files [‘lock.mdb’, ‘data.mdb’]

[LotusBackup:PID-6322] INFO: tarCmd = tar -cz -C /tmp/backup_lotus/ –ignore-failed-read –warning=”no-file-ignored” “lock.mdb” “data.mdb”

[ComponentScriptsBackup:PID-6324] ERROR: rc: 1, stderr: cat: ‘>’: No such file or directory

cat: /c/temp/backup/myfolder/imagebuilder.gz.enc: No such file or directory

[ComponentScriptsBackup:PID-6324] ERROR: Component imagebuilder backup dispatch failed.


At this point I’m spent and I keep coming back to the same question. Why is this backup option labeled “SCP” if it’s not actually going to use SCP???  There’s nothing in the documentation that references any requirements for a GNU compatible shell or even a shell at all. The only notes about SCP at all are reminding you to use the absolute path to the folder. Why should SCP work any differently than FTP where it is clearly able to just transfer the backup files???


This post was originally published on this site

Today we are pleased to announce the official launch of This portal unifies the product documentation for all VMware products, versions, and languages into a single platform so you can find the information that you are looking for more quickly and easily. VMware products offer a wide range of business solutions from desktop virtualization to supporting your hybrid cloud. We’ve heard your feedback that finding the right information can be difficult. Our search was out of date, the look and feel were not modern, the content was siloed, and the docs were not available on mobile devices. To address these problems, we decided to start from scratch. The design of this site is meant to enable you to better filter content, find relevant answers, and create custom views of information that you can access on any device.

Key Features for You

Here are a few features that we hope will help you find the information that you need.

It’s All About Search

Our site design features search on every page. We built a new search experience powered by Elasticsearch with an intuitive taxonomy to help you more easily locate relevant content. You can search the entire site or a particular book.

Filter to Find What You Need

With tens of thousands of pages of information, you need help reducing the scope of content to the products that you care about. Use the filters to limit your search to particular products, versions, subjects or information types.

Create Custom Docs Collections and Share Content

Your VMware stack spans many products and versions and you need a way to manage the product documentation for your specific portfolio. MyLibrary enables you to assemble custom doc sets and share as HTML collections. You can add and organize product documentation from any product, any version, and any language.

Products currently supported

Currently, we support the products listed below:

  • VMware vSphere
  • VMware NSX for vSphere
  • VMware vSAN
  • VMware vRealize Automation
  • VMware Identity Manager
  • VMware Horizon 7
  • VMware Integrated OpenStack
  • VMware Cloud Foundation
  • VMware Workstation Pro, Player
  • VMware Fusion
  • VMware Site Recovery Manager
  • VMware vRealize Orchestrator
Your Feedback

The launch of this site is only Step 1. We’ve put in new feedback mechanisms so we can hear from you more often and make more frequent improvements to the site and content. Explore now and let us know if you want to get involved in helping us evolve our docs.

The post Introducing appeared first on Support Insider.

VMware standalone converter error

This post was originally published on this site

Hello! I’m trying to do a P2V conversion to a ESXi 6.0 host using the VMware standalone converter on a Windows 2012 server. After completing the C: drive, and starting a larger 1.8TB drive, the conversion fails with the following error:


FAILED: An error occurred during the conversion: ‘BlockLevelVolumeCloneMgr::CloneVolume: Detected a write error during the cloning of volume WindowsBitmapDriverVolumeId=[D4-6B-30-48-00-00-10-00-00-00-00-00]. Error: 37409 (type: 1, code:


My ESXi host has over 12T local storage, with 8TB free. Has any seen this?


Any help would be appreciated!

Script for ESXi Host AD Join

This post was originally published on this site

Hi All,

I have frequently few esxi hosts goes out of domain or my AD group permissions will go away in my infrastructure..sometime its count will be more around 50+.


To login each host add them in domain and add my AD group is lengthy process.


Is there a script which can do it in single shot, for below requirement.


Script should


1. Connect all my vCenters

2. Pick the host from Get-Content ( which will have my hosts which are out of domain)

3. Should ask the default ESXi root password

4. Should take host in Maintenance Mode

5. Then it should join the esxi host in domain

6. Then it should add my AD group

7. Finally Exit from maintenance mode

8. Export the output report in CSV which all host it could able to join domain and add AD group and exited it from Maintenance Mode.




Thanks a Ton in Advance.