Hi Tom
**Possible Cause**
The SFTP account was expired on the backup server.
** Resolution **
To resolve this issue, refresh the expired account on the backup server.
** Other checks list **
[] - Verify that the folder exists on the SFTP backup server.
[] - Verify that the SFTP permissions on the folder allow you to write to it.
[] - Check the user account being used to connect to the Backup server is valid and working.
[] - Try manually connecting to the same SFTP using either an FTP utility or CLI.
Example: sftp username@IPAddress
[] - Manually clear and readd all the Backup parameters and save the configuration again in SDDC Manager.
[] - To obtain the SSH Fingerprint of the target system to verify, connect to the SDDC Manager Appliance over ssh and run the following command:
ssh-keygen -lf <(ssh-keyscan -p 22 -t rsa sftp_server_fqdn 2> /dev/null) | cut -d' ' -f2
[] - Testing connectivity between NSX-T manager and the SFTP server
Login to an NSX-T manager appliance via root or if you do not have root login enabled you can login via the ‘admin’ account and then type ‘st en’ and then provide your root password.
nsxt-mgr> st en
Password:
***************************************************************************
NOTICE TO USERS
WARNING! Changes made to NSX Data Center while logged in as the root user
can cause system failure and potentially impact your network. Please be
advised that changes made to the system as the root user must only be made
under the guidance of VMware.
***************************************************************************
root@nsxt-mgr:~#
From the root CLI of an NSX-T manager appliance we will run the following command to try and connect to our SFTP server and login using the built in OpenSSH package on the NSX-T appliance.
sftp svc_backup-nsxt@sftp-backup
The authenticity of host 'sftp-backup (10.0.1.27)' can't be established.
ECDSA key fingerprint is SHA256:tm1qkfHb19sx5qzwJABAtojOd4cVywRCjmkoGeHeR6E.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sftp-backup' (ECDSA) to the list of known hosts.
Authorized Personnel Only
--------------------------------------------------------
WARNING: Unauthorized access to this system is forbidden
and will be prosecuted to the fullest extent of the law.
--------------------------------------------------------
svc_backup-nsxt@sftp-backup's password:
Connected to sftp-backup.
Now that we are connected to our SFTP server we have successfully validated
We have network connectivity from the NSX-T manager to the SFTP server
The SFTP server service is running on the SFTP server listening for connections
The service account created has permission to connect via the SFTP protocol
Now we need to verify the service account has permission to navigate to the destination backup folder structure we created earlier and create a folder to verify we have ‘write’ permissions
cd /mnt/backups
mkdir test
ls
test
rmdir test
ls
bye
We have now successfully deployed a backup SFTP server that meets the security requirements of NSX-T and validated end to end network connectivity, the SFTP service is running/listening and we have the necessary permissions.
HTH
Michele V.