I'm trying to transfer settings from an old (existing) install of ESX to a fresh installation of ESX ver. 7.0.u3c using the following article:
Locally restoring an ESXi configuration from state.tgz backup (2043048):
https://kb.vmware.com/s/article/2043048
To restore the ESXi configuration locally:
Run the auto-backup.sh script to confirm you have an up-to-date host configuration saved in the /bootbank/state.tgz file.
Once I get to this point, I'm at a loss, as upon extraction, I do not get the expected output from the 'state.tgz' compressed archive... Per the article, I should unzip a 'local.tgz' file, on which I would then perform the following commands:
Verify there is not already a local.tgz file under / (the root directory) and then copy the newly extracted local.tgz file to the / directory by running these commands:
# cd /
# mv local.tgz local.tgz.old
# cp /tmp/local.tgz /
... But instead of the 'local.tgz' file, a 'local.tgz.VE' file is generated (actual output).
What is this 'local.tgz.ve' file and how do I proceed? It seems to be encrypted, but I don't know how to unencrypt it, and I can't find anything on the web...
Any assistance you can provide would be appreciated...
Hi,
I have the same problem resetting the password using an Ubuntu Live CD. When I do:
cp state.tgz /tmp
cd /tmp
tar xzf state.tgz
ls
local.tgz.ve
What is local.tgz.ve? Can I uncompress it to have the /etc/shadow file?
Hello,
A .ve file is an encrypted file, and to manage encrypted files you have the crypto-util command:
From vSphere 7, after you untar the state.tgz present in /dev/sda5, you will find that local.tgz.ve is encrypted
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-9AA429CE-2D90-4B7...
Best regards
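Added example (not part of the thread or of the VMware KB article): a shell function that lists a state.tgz without extracting it and reports whether it holds the plain local.tgz the KB steps expect or the encrypted local.tgz.ve described above. The names classify_state_tgz and make_sample and the sample archives are constructed for illustration.

```shell
#!/bin/sh
# Classify an ESXi state.tgz before following the restore steps.
# Prints one word:
#   plain      -> contains local.tgz, the KB steps apply as written
#   encrypted  -> contains local.tgz.ve, must be handled with crypto-util
#   unknown    -> neither member found, or the archive is unreadable
# Returns 0 when the archive was classified, 1 for "unknown".
classify_state_tgz() {
    archive=$1
    if [ ! -r "$archive" ]; then
        echo unknown
        return 1
    fi
    # List members only; nothing is extracted or overwritten.
    members=$(tar -tzf "$archive" 2>/dev/null) || { echo unknown; return 1; }
    # Strip a leading "./" so both tar naming styles match.
    members=$(printf '%s\n' "$members" | sed 's|^\./||')
    if printf '%s\n' "$members" | grep -qx 'local\.tgz\.ve'; then
        echo encrypted
        return 0
    elif printf '%s\n' "$members" | grep -qx 'local\.tgz'; then
        echo plain
        return 0
    fi
    echo unknown
    return 1
}

# Build a constructed sample archive (empty placeholder member, not real ESXi data).
# usage: make_sample <dir> <member-name>
make_sample() {
    mkdir -p "$1" && : > "$1/$2" && tar -czf "$1/state.tgz" -C "$1" "$2"
}

# Demo on constructed samples: an older-style and a vSphere 7-style archive.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/old" local.tgz
make_sample "$demo_dir/new" local.tgz.ve
classify_state_tgz "$demo_dir/old/state.tgz"
classify_state_tgz "$demo_dir/new/state.tgz"
rm -rf "$demo_dir"
```

Running the check against a copy of state.tgz in /tmp shows up front which of the two cases applies, before any existing local.tgz is moved aside.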
So,
Because it's so fragile these days, I borked my network setup on esx and it is not accessible. I am booting from an external USB drive so I do have access to the state files.
If you are able to access a host while it's still running, crypto-util will work just fine.
If you are NOT able to access a host while it's running because the network interfaces are down, this little "security enhancement" effectively breaks your ability to repair your ESX installation, doesn't it? I am not on the booted host, so I have no access to the key needed to decrypt this new (now "old" in VMware's eyes I suppose) .ve file, since the key would be obfuscated in such a way that you would not be able to access it from the USB device.
I can see how this might add some security. However, it will for sure make you find out the hard way that an offline configuration backup is necessary. Of course if you're doing that, it basically undoes some of the "security" this feature provides.
Whoever decided that this extra step was useful (not surprisingly) didn't think carefully about the users. I have a few more tricks I can try such as modifying the boot options while I start up, but it's sort of a bad combination to continually make the software more fragile while removing safety nets at the same time.