VM backups fail with error code VMWARE_VDDK1
Problem description
VM backups fail with error SyncError: You do not have access rights to one or more vmdk files of the VM. (#100050001:13).
Cause
The EXSi Server is unreachable from the VMware Proxy. This issue could be one of the following issues:
- Proxy is unable to connect to the EXSi host IP address
- TCP port 902 on the EXSi host is blocked
- Hostname Resolution
Troubleshooting
IP connectivity
On the Proxy: command: ping <ESXi host IP or Hostname>
* if ping fails, determine why network connectivity is failing.
Port Connectivity
On the Proxy: command: nc -v < esxi hostname> 902
* if not connected, the port is block. Check the ESXi host firewall or other network devices that could be blocking TCP 902
Hostname/DNS Resolution
Check the DNS configuration: on the proxy: command: cat /etc/resolv.conf
* verify correct DNS servers with customer
Check DNS resolution: on the proxy: command: nslookup <exsi hostname>
* result should resolve IP address of ESXi host, if not resolve DNS issue or add host entries to host file [/etc/hosts]
Traceback
Phoenix logs:
{snippet}
[2019-02-27 17:05:45,908] [ERROR] Failed to open the Disk [ABC-XXX] ABC/ABC-XXX01.vmdk
[2019-02-27 17:05:45,908] [ERROR] Error <class 'inSyncLib.inSyncError.SyncError'>:You do not have access rights to one or more vmdk files of the VM. (#100050001 : 13) (Error Code : VMWARE_VDDK1). Traceback -Traceback (most recent call last):
File "agents/vmware/dataManager.py", line 257, in _open_retry
File "agents/vmware/vixDiskLibOCManager.py", line 69, in open
File "agents/vmware/vixDiskLibOCManager.py", line 91, in enqueue_work_wait
SyncError: You do not have access rights to one or more vmdk files of the VM. (#100050001 : 13) (Error Code : VMWARE_VDDK1
VDDK logs:
{Snippet}
019-02-28T00:19:15.834-05:00| vthread-5| I125: NBD_ClientOpen: Couldn't connect to 192.168.0.17:902 Failed to connect to server 192.168.0.17:902
2019-02-28T00:19:15.834-05:00| vthread-5| I125: DISKLIB-DSCPTR: : "vpxa-nfcssl://[ABC-XXX] ABC/ABC-XXX01.vmdk@192.168.0.17:902" : Failed to open NBD extent.
2019-02-28T00:19:15.839-05:00| vthread-5| I125: NBD_ClientOpen: attempting to create connection to vpxa-nfc://[ABC-XXX] ABC-XXX01/XXX0101.vmdk@192.168.0.17:902
Resolution
- Resolve network connectivity issue
- Resolve DNS/Hostname resolution issue
- Resolve firewall/TCP port block issue
Resolution example
- Try to telnet/nc from backup proxy to ESXi on port 902. Check if port 902 is blocked on the ESXi as backup proxy is not able to communicate with ESXi. For successful communication, open the port 902 on ESXi host.
- If telnet is successful but still backups are failing. Please ensure that Backup Proxy and the ESXi host are in the same network subnet.
For example-
If ESXi host has 3 segments, but DNS registered segment is 10.77.4.x/24.
On vCenter, Select the host->Configure->Networking->VMkernel adapters
10.77.4.x/24 (DNS registered)
10.77.10.x/24
10.77.60.x/24
Backup Proxy's IP address is 10.77.10.xx
In this case, backups will fail. Please verify the following for successful connection:
Ensure that IP address of the ESXi host which is configured for backup proxy is DNS registered.
Confirm that DNS is configured correctly in the proxy configuration. Reconfigure to correct the entries if needed.
Temporary workaround-
In "/etc/hosts" of Backup Proxy, you can add "10.77.10.X" as the ESXi host's IP address, which belongs to the same segment as the Backup Proxy.
Note: We do not encourage making changes in the host file as this can cause discrepancies while making network configuration changes in the future.
Verification
Initiate a manual backup and verify whether it completes successfully.