Skip to main content

How can we help you?

Druva Documentation

VM backups fail with error code VMWARE_VDDK1

This article applies to:

  • OS: WS 2008 R2, WS 2012/R2, WS 2016
  • Product edition: Phoenix

Problem description

VM backups fail with error SyncError: You do not have access rights to one or more vmdk files of the VM. (#100050001:13).


Port 902 is blocked on the ESXi which is registered under vCenter. Port 902 must be open for backup proxy to communicate with the ESXi. Backup proxy communicates with vCenter over port 443 and it communicates with ESXi host on Port 902.


Phoenix logs:
[2019-02-27 17:05:45,908] [ERROR] Failed to open the Disk [ABC-XXX] ABC/ABC-XXX01.vmdk
[2019-02-27 17:05:45,908] [ERROR] Error <class 'inSyncLib.inSyncError.SyncError'>:You do not have access rights to one or more vmdk files of the VM. (#100050001 : 13) (Error Code : VMWARE_VDDK1). Traceback -Traceback (most recent call last):
File "agents/vmware/", line 257, in _open_retry
File "agents/vmware/", line 69, in open
File "agents/vmware/", line 91, in enqueue_work_wait
SyncError: You do not have access rights to one or more vmdk files of the VM. (#100050001 : 13) (Error Code : VMWARE_VDDK1

VDDK logs:
019-02-28T00:19:15.834-05:00| vthread-5| I125: NBD_ClientOpen: Couldn't connect to Failed to connect to server
2019-02-28T00:19:15.834-05:00| vthread-5| I125: DISKLIB-DSCPTR: : "vpxa-nfcssl://[ABC-XXX] ABC/ABC-XXX01.vmdk@" : Failed to open NBD extent.
2019-02-28T00:19:15.839-05:00| vthread-5| I125: NBD_ClientOpen: attempting to create connection to vpxa-nfc://[ABC-XXX] ABC-XXX01/XXX0101.vmdk@


  1.  Try to telnet/nc from backup proxy to ESXi on port 902. Check if port 902 is blocked on the ESXi as backup proxy is not able to communicate with ESXi. For successful communication, open the port 902 on ESXi host.
  2. If telnet is successful but still backups are failing. Please ensure that Backup Proxy and the ESXi host are in the same network subnet.              
    For example- 
    If ESXi host has 3 segments, but DNS registered segment is 10.77.4.x/24. 
    On vCenter, Select the host->Configure->Networking->VMkernel adapters
    10.77.4.x/24 (DNS registered)

    Backup Proxy's IP address is 10.77.10.xx
    In this case, backups will fail. Please verify the following for successful connection:
    Ensure that IP address of the ESXi host which is configured for backup proxy is DNS registered.
    Confirm that DNS is configured correctly in the proxy configuration. Reconfigure to correct the entries if needed.
    Temporary workaround-
    In "/etc/hosts" of Backup Proxy, you can add "10.77.10.X" as the ESXi host's IP address, which belongs to the same segment as the Backup Proxy. 

    Note: We do not encourage making changes in the host file as this can cause discrepancies while making network configuration changes in the future. 


 Initiate a manual backup and verify whether it completes successfully.