- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Converter failing at 3% with Host <IP> key can't be retrieved
Hello,
I am working on getting an old CentOS 5.11 server moved P2V and while trying to use the VMWare converter standalone tool seem to be hitting a wall at 3% getting the message:
I looked over the Server and Worker logs, and have been googling and looking over tons of VMWare community pages that have had the similar issue and have tried the following things:
- Enabled SSH v2 protocol on server
- enabling RSA authentication, enabling public key authentication, enabling authentication files, allowing multiple sessions up to 5
- added "ALL:ALL" and also tried adding the specific IP's for the ESXi and the helper.
- confirmed nothing listed in hosts.deny file
- Disabling iptables
- disabling ipv6 on the converter helper during set up.
I have attached the fresh logs from the latest attempt in this post.
I am open to any further ideas some of you have, or something I may have missed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you check if there is any Firewall or Proxy blocking communication?
vRO123
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @dmyersbasch ,
The error message "Host <IP> key can't be retrieved" indicates that the VMware vCenter Converter Standalone tool is unable to retrieve the public key for the ESXi host that you are trying to convert the physical machine to.
If you have previously connected to the ESXi host from the Converter machine, verify that the SSH key fingerprint of the ESXi host matches the one stored on the Converter machine. If not, delete the old fingerprint and reconnect to the ESXi host to accept the new fingerprint.
Visit my blog:AngrySysOps.com
YT: AngryAdminYoutube
Visit my:Xwitter
If my answer has successfully addressed your issue, kindly mark it as RESOLVED. If it has provided valuable assistance, consider giving it a KUDOS. Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@VRO123 Firewall is disabled on the Linux server that we are trying to P2V, and the Host server that has the ESXi server is a fresh install of ESXi. General network firewall allows traffic from one device to another.
@ptarnawski So this is one portion of the process that I am not sure why it would be an issue as we connect to the device using password, not ssh key. We do get the prompt to accept the ssh fingerprint from the Linux machine at the beginning of converter tool process, and this happens every time we try.
I have already turned on the ability to allow RSA keys not just DSA keys on the Linux server.
How do we verify the ESXi host machine fingerprint, and does it not use the same fingerprint each time we run the converter process?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @dmyersbasch
Regarding the ESXi host's fingerprint, it is typically generated when SSH is first enabled on the ESXi host, and it should remain the same unless SSH key regeneration has occurred on the ESXi host itself.
You can SSH into the ESXi host from a terminal or SSH client on your Converter machine. Use the ESXi host's IP address or hostname and the SSH username/password.
ssh username@esxi_host_ip
once connected to the ESXi host, you can view the fingerprint of its SSH key. The fingerprint is typically stored in the
/etc/sshdirectory.
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
Replace
/etc/ssh/ssh_host_rsa_key.pubwith the path to the RSA key file on your ESXi host.
Compare the fingerprint displayed in the SSH prompt when you connect to the ESXi host from the Converter tool with the fingerprint obtained from the ESXi host directly.
If the fingerprints match, it means that the Converter tool is attempting to connect to the correct ESXi host. If they do not match, it could indicate a configuration issue on the ESXi host itself.
Visit my blog:AngrySysOps.com
YT: AngryAdminYoutube
Visit my:Xwitter
If my answer has successfully addressed your issue, kindly mark it as RESOLVED. If it has provided valuable assistance, consider giving it a KUDOS. Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ptarnawski
I attempted to run the commands you showed in the previous comment, but found that ssh-keygen command could not be found. After investigating, i found that I had to run the command from its location
/usr/lib/vmware/openssh/bin/ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
However the output for this did not appear in the same format nor letters as I am used to seeing a thumbprint shown as.
After researching how to view the fingerprint on ESXi and inspecting the ESXi host I was able to run the following to confirm the fingerprint
openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout
I then tried to run the Converter tool again and when it got to adding the destination, it always comes back with a security warning, saying the host certificate has these problems:
So viewing the certificate details under Thumbprint, I was able to verify that the thumbprint matches that which I had previously discovered on the ESXi host.
Any other ideas?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After running the Converter through its steps and failure again, decided to look at the conversion status closer after it failed at 3% as usual.
seeing the following:
FAILED: A general system error occurred: # 192.168.23.2:22 SSH-1.99-OpenSSH_4.3 # 192.168.23.2:22 SSH-1.99-OpenSSH_4.3 # 192.168.23.2:22 SSH-1.99-OpenSSH_4.3 # 192.168.23.2:
22 SSH-1.99-OpenSSH_4.3 Network error. Host 192.168.23.2 key can't be retrieved. (return code 2)
The host this is stating is our CentOS 5.11 device we are trying to pull from for the P2V, not the ESXi host.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I inspected the CentOS 5.11 server I am trying to P2V and ran the ssh-kegen -lf command.
I confirmed that the thumbprint that shows on the server, matches the thumbprint that shows up in the first thumbprint warning when connecting to the Source machine in VMware converter.
Back to square one.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CentOS 5?
This system is from 2014! This is the point at which I would not touch it, as it is no longer a reliable system. What's stopping you from upgrading to a newer, more stable, and safer version?"
Visit my blog:AngrySysOps.com
YT: AngryAdminYoutube
Visit my:Xwitter
If my answer has successfully addressed your issue, kindly mark it as RESOLVED. If it has provided valuable assistance, consider giving it a KUDOS. Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, very old unfortunately. We are having to keep it alive for historical purposes for client due to subpoena. Unfortunately the software used is very old as well and is no longer supported and not available anymore. We were hoping to be able to P2V the device to be able to do backups of the data, instead of continuing to repair and keep this old PowerEdge server alive.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Previously we had tried to use CloneZilla to make an image and or images of the OS and its files, but when trying to pull from images to VM in Hyper-V it has run into numerous issues and Kernel panics preventing the device to boot properly with everything left in place. We were told to try this solution but it appears, due to age of the CentOS machine, we may not be able to utilize this solution either unless we can resolve why it cant seem to get the SSH key to continue pass 3%.
My next steps are to try and use DD to directly image to VM via SSH, and if that doesn't work, to try and DD to a drive and flatten due to this device having numerous Drives and partitions.