ESXi

  • 1.  Transferring settings from existing ESX host to fresh ESXi 7.0.u3c install using via esxi-root shell

    Posted Feb 08, 2022 11:05 PM

    I'm trying to transfer settings from an old (existing) install of ESX to a fresh installation of ESX ver. 7.0.u3c using the following article:

    Locally restoring an ESXi configuration from state.tgz backup (2043048):

    https://kb.vmware.com/s/article/2043048 

    To restore the ESXi configuration locally:
    Run the auto-backup.sh script to confirm you have an up-to-date host configuration saved in the /bootbank/state.tgz file.


    1. The Bootbank/state.tgz file is updated and contains the host configuration.

      Note: The ESXi configuration can be saved locally via the auto-backup.sh script. For more information, see the Saving State Locally section in the Additional Information section of this article.

    2. Copy the /bootbank/state.tgz file to a safe location (for example, a shared datastore or use WinSCP to copy to another location).
    3. Reinstall ESXi.
    4. After the reinstallation completes and the ESXi host boots, copy the saved state.tgz file to the system (for example, to the /tmp directory).
    5. Extract the local.tgz file from the state.tgz archive by running these commands:
      # cd /tmp
      # tar -xvzf state.tgz

    Once I get to this point, I'm at a loss, as upon extraction, I do not get the expected output from the 'state.tgz' compressed archive... Per the article, I should unzip a 'local.tgz' file, on which I would then perform the following commands:

    Verify there is not already a local.tgz file under / (the root directory) and then copy the newly extracted local.tgz file to the / directory by running these commands:
    # cd /
    # mv local.tgz local.tgz.old
    # cp /tmp/local.tgz /

    ... But instead of the 'local.tgz' file, a 'local.tgz.VE' file is generated (actual output).


    What is this 'local.tgz.ve' file and how do I proceed? It seems to be encrypted, but I don't know how to unencrypt; and I can't find anything on the web...

    Any assistance you can provide would be appreciated...



  • 2.  RE: Transferring settings from existing ESX host to fresh ESXi 7.0.u3c install using via esxi-root shell

    Posted May 17, 2022 10:34 AM

    Hi,

     

    I have the same problem resetting the password using an Ubuntu Live CD. When I do:

    cp  state.tgz  /tmp
    cd  /tmp
    tar xzf  state.tgz
    ls
    local.tgz.ve

    What is local.tgz.ve? Can I uncompress it to have the /etc/shadow file?



  • 3.  RE: Transferring settings from existing ESX host to fresh ESXi 7.0.u3c install using via esxi-root shell

    Posted Nov 12, 2022 11:48 AM

    Hello,

    A .ve file is an encrypted file, and to manage encrypted files you have the crypto-util command:

    https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-A8D99C90-A092-46F8-B9C2-F62856C3AC90.html

     


     

    From vSphere 7, after you untar the state.tgz present in /dev/sda5, you will find that local.tgz.ve is encrypted:
    https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-9AA429CE-2D90-4B70-A7FA-B93BC40C94A1.html

    Best regards



  • 4.  RE: Transferring settings from existing ESX host to fresh ESXi 7.0.u3c install using via esxi-root shell

    Posted Feb 26, 2023 01:21 AM

    So,
        Because it's so fragile these days, I borked my network setup on esx and it is not accessible.  I am booting from an external USB drive so I do have access to the state files. 

        If you are able to access a host while it's still running, crypto-util will work just fine.
        If you are NOT able to access a host while it's running because the network interfaces are down, this little "security enhancement" effectively breaks your ability to repair your ESX installation, doesn't it? I am not on the booted host so no access to the key needed to decrypt this new (now "old" in VMware's eyes I suppose) .ve file since the key would be obfuscated in such a way that you would not be able to access it from the USB device.
        I can see how this might add some security. However, it will for sure make you find out the hard way that an offline configuration backup is necessary.  Of course if you're doing that, it basically undoes some of the "security" this feature provides.
        Whoever decided that this extra step was useful (not surprisingly) didn't think carefully about the users. I have a few more tricks I can try such as modifying the boot options while I start up, but it's sort of a bad combination to continually make the software more fragile while removing safety nets at the same time.



  • 5.  RE: Transferring settings from existing ESX host to fresh ESXi 7.0.u3c install using via esxi-root shell

    Posted Feb 06, 2025 09:34 PM

    I modified the esx.conf file, then my ESXi 8.0.0 failed to boot properly.
    I tried to use a USB drive (with Ubuntu installed) to mount disk5 to open the file, but I found that I can't unzip the file (local.tgz.ve).
    I used

    crypto-util envelope extract --aad ESXConfiguration local.tgz.ve local.tgz

    but it didn't work, and showed "crypto-util: command not found". I tried to use "pip install crypto-utils" and it couldn't install.

    I want to ask: is there any way to fix it?

    Regards,




  • 6.  RE: Transferring settings from existing ESX host to fresh ESXi 7.0.u3c install using via esxi-root shell

    Broadcom Employee
    Posted Feb 11, 2025 05:13 AM

    The "crypto-util" is included in ESXi 7.x/8.x.

    So it's necessary to copy state.tgz to ESXi for decryption.

    Refer to https://williamlam.com/2024/10/recovering-esxi-7-x-8-x-host-after-forgetting-or-losing-root-password.html

    Good Luck!
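
Added example, not written by any poster in this thread: a small shell helper that checks whether a state.tgz holds the plain local.tgz the KB article expects or the encrypted local.tgz.ve, and decrypts only when crypto-util is present, which per the replies above means an ESXi 7.x/8.x shell. The function names and exit codes are hypothetical; the crypto-util invocation is the one quoted in post 5.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print "encrypted", "plain" or "unknown" for a given state.tgz.
classify_state() {
    members=$(tar -tzf "$1" 2>/dev/null) || { echo unknown; return 0; }
    # Normalise a leading "./" so both member spellings match.
    members=$(printf '%s\n' "$members" | sed 's|^\./||')
    if printf '%s\n' "$members" | grep -qx 'local\.tgz\.ve'; then
        echo encrypted
    elif printf '%s\n' "$members" | grep -qx 'local\.tgz'; then
        echo plain
    else
        echo unknown
    fi
}

# Unpack state.tgz into workdir, leaving local.tgz there.
# Returns 0 on success, 2 when the archive is encrypted but crypto-util
# is missing (i.e. this is not an ESXi 7.x/8.x shell), 1 on other errors.
unpack_state() {
    state=$1
    workdir=$2
    case "$(classify_state "$state")" in
        plain)
            tar -xzf "$state" -C "$workdir" || return 1
            ;;
        encrypted)
            command -v crypto-util >/dev/null 2>&1 || return 2
            tar -xzf "$state" -C "$workdir" || return 1
            # Invocation as quoted in the thread.
            ( cd "$workdir" && crypto-util envelope extract \
                --aad ESXConfiguration local.tgz.ve local.tgz ) || return 1
            ;;
        *)
            return 1
            ;;
    esac
}

# Usage: sh unpack-state.sh /tmp/state.tgz /tmp/work
if [ "$#" -eq 2 ]; then
    unpack_state "$1" "$2"
fi
```

An exit code of 2 on a Linux live system is the "command not found" situation from post 5: the archive has to be taken to an ESXi host before it can be opened.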