VMware Cloud Community
tjreeddoc
Enthusiast
Enthusiast
Jump to solution

Permission denied when attempting to backup ESXi

All,

I am new to VMware.

I have a standalone ESXi host running an evaluation ESXi license.  I want to upgrade the ESXi host. Before I upgrade, I want to back it up. Can I do that? 

The reason I ask, I receive an error of “unsuccessful : 500 Cannot write to 'D:\Temp\Backups': Permission denied” every time I issue the following command:

vicfg-cfgbackup.pl --server x.x.x.x -s D:\Temp\Backups

Following are the steps I took:

I have a local account on the ESXi Host. 

I have SSH access to the Host from my Windows PC.

I have disabled vCLI Lockdown mode on the ESXi Host.

I have vCLI install on my Windows PC.

On the Windows PC I have the same account (username\password matches).  This account is a local account and is a member of the local Administrators group on the Windows PC.

The account has Full Control of the directory I am trying to write the ESXi Host .tgz file to.

I think there is a role/permissions/firewall issue on the ESXi host preventing the local account from uploading. 

T.J.

Tags (3)
Reply
0 Kudos
1 Solution

Accepted Solutions
virtualDD
Enthusiast
Enthusiast
Jump to solution

Hi tjreeddoc,

See the PM for the link to the script.

Why are you using the vicfg-user.pl? As long as you are working with the root account you don't have to worry about your privileges, they will always be the highest.

Did you try to do a config-backup with the command prompt "run as administator"?

View solution in original post

Reply
0 Kudos
8 Replies
virtualDD
Enthusiast
Enthusiast
Jump to solution

Does your local user account have administrative role on the esxi server?

Your command is valid as far as I can tell (Documentation: vSphere 6.0 Documentation Center ).

If you suspect the esxi firewall preventing the upload you could try to disable it temporarily by issuing the following command on the esxi host:

esxcli network firewall set --enabled false

and then test it. if it works you'll need to add a rule to the firewall to open it. And don't forget to re-enable the firewall with this command:

esxcli network firewall set --enabled true

Reply
0 Kudos
tjreeddoc
Enthusiast
Enthusiast
Jump to solution

VirtualDD,

Thanks for the reply.

Using the commands you provided, I disabled the ESXi firewall.  However, I received the same "Permission Denied" message.

As for Roles, connecting to the ESXi host via the vSphere Client, it is greyed out (Administration>Role).

I tried use the following command to check Roles:

vicfg-user.pl --server x.x.x.x --username "ABCD" --password "changeme"

But, I get an error. 

Am I using the vicfg-user command correctly? 

T.J.

Reply
0 Kudos
virtualDD
Enthusiast
Enthusiast
Jump to solution

In my experience if you connect to a esxi host directly you use the root account which is like the administrator on a windows machine.

do you know the root password of your host? can you try with that account?

if the permission denied is still there when you use the root account I'd say the issue is on your windows machine. I'd try to give "everyone" write access to that folder on your d: drive and try again.

I actually never used the vifg-user.pl command. Looking at the documentation (vSphere 6.0 Documentation Center ) it seems to be intended to manage users and not to test a login or determine the role of a user. But I could be mistaken of course Smiley Happy

Reply
0 Kudos
tjreeddoc
Enthusiast
Enthusiast
Jump to solution

virtualDD,

I do know the root account password of the ESXi host. 

On my Windows PC that runs vCLI, I created a local account (root) and it has the same password as the root account password on the ESXi host. 

The Windows PC local root account is in the Administrators group. 

Just to be on the safe side, as you suggested, I updated the Security on D:\Temp\Backups to allow the local group Everyone with Full\Modify\Read&Execute\List folder contents\Read\Write\.

I login to the Windows PC with the local root account.

Used the vicfg-cfgbackup.pl --server x.x.x.x -s D:\Temp\Backups command and I received the error message “Permission Denied”

Do you think it has something to do with Roles?

Is there a way I can check the role of root via vCLI?

Using the vSphere Client, Roles is greyed out when I check it via the vSphere Client. I think running the PERL script vicfg-user.pl should update the Roles.

While I understand a Role is different that passwd, passwd has root as Administrator.

Also, I am running ESXi v5.1.  I want to upgrade.  But, before I upgrade, I want to back up the existing config.

T.J.

Reply
0 Kudos
virtualDD
Enthusiast
Enthusiast
Jump to solution

T.J.,

I'm sorry, I forgot that Roles is vCenter server component. On your standalone esxi host, especially when using the user root that is of no concern. You can't have any more privileges than root on a standalone esxi host.

Just to try something else: Reading the documentation of the backup command I saw that you can specify local storage on the esxi host as well:

Local storage for backup files is safe because vMA is stored in the /vmfs/volumes/<datastore> directory, which is separate from the ESXi image and configuration files. (vSphere 6.0 Documentation Center ) (or VMware vSphere 5.1 but it's the same)

nevermind, it's talking about the vMA ^^ (it's quite early in my timezone)

Anyways. I never backup esxi hosts because I use a kickstart script with all the configuration of the esxi host in place. If you're interested I can send you the kickstart script I use. But on the other hand I've never had an issue when doing an in-place upgrade of esxi either. So if you want to upgrade I'd do it without backing up the esxi host.

One more thing to try tough.. Which windows version are you using? I remember from similar scripting topics that even tough a user is in the local administrator group it sometimes doesn't get full admin privileges. can you try to run your shell with "run as administrator"? Other than that I think we'll have to find out if there is a log of your vCLI that logs some more information where this "permission denied" is coming from.

Reply
0 Kudos
tjreeddoc
Enthusiast
Enthusiast
Jump to solution

virtualDD,

No roles for a Standalone ESXi host. Understand.

Will you attach the kickstart script?

I am using Windows 10 Professional.

On my Windows 10 Professional PC, I created a local account and placed the local account in the Administrators group.

I made the password the same as the ESXi local account with the same name.

The firewall has been re-enabled.

I logged into the Windows 10 PC as the local account.

I opened a cmd prompt using the "Run As Administrator" and I issued the command

vicfg-user.pl --server x.x.x.x -l "ABCD" -p "changeme"

I do longer received the Permission Denied message.

I now receive :

Use of uninitialized value in string eq XYZ ...line 869.

Use of uninitialized value in string eq XYZ....line 873.

Use of uninitialized value in string eq XYZ....line 878.

Use of uninitialized value in string eq XYZ....line 882.

Use of uninitialized value in string eq XYZ....line 892.

Any help with the attached script would be appreciated.

Ok.  I'll look into upgrading with out backing up the ESXi host.

T.J.

Reply
0 Kudos
virtualDD
Enthusiast
Enthusiast
Jump to solution

Hi tjreeddoc,

See the PM for the link to the script.

Why are you using the vicfg-user.pl? As long as you are working with the root account you don't have to worry about your privileges, they will always be the highest.

Did you try to do a config-backup with the command prompt "run as administator"?

Reply
0 Kudos
tjreeddoc
Enthusiast
Enthusiast
Jump to solution

Dario,

Thank you!

I was using the vicfg-user.pl when I thought I could update Roles.  But, as you told me, their no  Roles when you have a Standalone ESXi Host.  Roles are used when you have vCenter and the ESXi host is controlled by vCenter.

Using the vicfg-cfgbackup.pl --server=x.x.x.x --username=username -l filename command backup the ESXi host to the Windows 10 PC!

I really appreciate all your help!

T.J.

Reply
0 Kudos