Skip to content

Recover NSX Manager Backup Passphrase

I managed to break our test environment trying to update some internal certificates that were close to expiration. I attempted to restore a NSX Manager backup and discovered that the backup passphrase that I had saved was not correct. I could not for the life of me find any documentation on how one might recover a lost NSX Manager backup passphrase.

Luckily for me, I was able to log in to the broken manager and not yet deleted it. I did some digging and thanks to this blog post by Tony Williamson, I was able to figure out that I could get the current backup configuration with the root user on the NSX Manager with this command: /opt/vmware/bin/corfu_tool_runner.py -o showTable -n nsx -t BackupConfig. Also note that certain special characters in the backup passphrase might appear as escaped UTF characters you will need to decode.


root@nsxmgr:~# /opt/vmware/bin/corfu_tool_runner.py -o showTable -n nsx -t BackupConfig
Env is ON_PREM
Welcome to use NSX corfu tool.
This tool can help you to examine data in a CorfuDB database.

...SNIPPED A BUNCH OF LOG MESSAGES...

Key:
{
  "stringId": "BackupConfigIdentifier"
}

Payload:
{
  "managedResource": {
    "displayName": "BackupConfigIdentifier"
  },
  "backupEnabled": true,
  "server": "sftp.example.com",
  "serverPort": 22,
  "intervalBackupSchedule": {
    "secondsBetweenBackups": "86400"
  },
  "ftpConfig": {
    "sshFingerprint": "SHA256:REDACTED",
    "authenticationScheme": {
      "scheme": "SCHEME_PASSWORD",
      "username": "sftpuser",
      "password": "mySFTPpassword"
    }
  },
  "directoryPath": "/my/backup/path",
  "passphrase": "myBackupPassphrase,
  "secondsBetweenInventoryBackups": "240"
}

Metadata:
{
  "revision": "4",
  "createTime": "1636744610911",
  "createUser": "system",
  "lastModifiedTime": "1637338209082",
  "lastModifiedUser": "admin",
  "productVersion": "3.2.2.0.0"
}
Table size=1

In addition to recovering a lost NSX Manger backup passphrase, you could also use this technique to recover a lost SFTP password or SSH key. That is something much easier to replace or reset if lost though.

If you do perform a NSX Manager restore and encounter an error that states Error copying inventory backup file from/to remote/local server, do not despair. This could be a known issue with a workaround documented in NSX-T 4.x restore failed (90676).

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *