Skip to main content

Nutanix Backup Proxy Fails Due to Invalid or Locked Credentials

Nutanix Backup Proxy Fails Due to Invalid or Locked Credentials

Updated yesterday

Problem description

  • Customers may encounter issues where the Nutanix backup proxy is unable to authenticate with Prism Central (PC) or Prism Element (PE) using the configured credentials. This results in:

    • Backup job failures due to user credential errors.

    • Proxy deployment failures when using the same credentials.

Cause

This issue occurs when:

  • The credentials provided for the backup proxy are incorrect.

  • The Nutanix user account is locked out due to multiple failed authentication attempts.

Symptoms

  • Backup jobs fail with authentication-related errors.

  • Proxy deployment cannot proceed due to credential validation errors.

  • Errors appear in the following logs:

    • Backup proxy log: /var/log/Phoenix/main_service.log

    • Nutanix CVM log: ~/data/logs/prism_gateway.log

Traceback

Typical error traces include authentication failures in the backup proxy logs and user lockout errors in the Nutanix CVM logs.

less /var/log/Phoenix/main_service.log tail -F ~/data/logs/prism_gateway.log

Resolution

Follow the steps below to validate and resolve the credential issue:

1. Validate Credentials via Prism

  • Log in directly to Prism Central (PC) or Prism Element (PE) using the same credentials configured for the backup proxy.

2. Verify Credentials via CLI / API

  • Retrieve the VM UUID using Nutanix CLI:

    ncli vm list name=<vm name> | grep 'Uuid' | grep -v Host | cut -d':' -f2 | awk 'NF{$1=$1;print}'

  • Query VM details using curl:

    curl -kX GET -u <user>:<password> --header "Accept: application/json" \ 'https://<PC or PE IP or FQDN>:9440/api/nutanix/v3/vms/<VM UUID>' \ -H 'accept: application/json' -H 'X-Nutanix-Client-Type: ui'

3. Review Logs for Authentication Errors

  • On the backup proxy:

    less /var/log/Phoenix/main_service.log

  • On Nutanix CVM:

    tail -F ~/data/logs/prism_gateway.log

4. Reset Locked Nutanix User Account (if applicable)

  • Log in to the Nutanix CVM as the Nutanix user.

  • Reset the account using:

    allssh sudo faillock --user admin --reset

Prevention (Best Practices)

To avoid future issues:

  • Create a dedicated Nutanix API user for Druva backups (do not share across multiple tools).

  • Assign minimum required roles/permissions.

  • Monitor prism_gateway.log for failed login attempts.

  • Avoid using default admin accounts; configure a service account with strong password rotation policies.

  • Periodically validate credentials with an API call to confirm account activity.

Related Articles
Registration of vCenter backup proxy fails with PHOENIX127
Nutanix VM backup fails with error AHV48 “Nutanix AHV API service not available”
Delete a Nutanix AHV Backup Proxy
Nutanix AHV Backup Proxy is in a Disconnected state
Nutanix Backups Failing with Error Code AHV51 Due to API Authentication Failure.
Did this answer your question?