After the deployment of the cloud gateway appliance, when you try to link the cloud vCenter, it fails with a thumbprint error - connection timed out.

Public IP, resolvable over the internet is set for vCenter resolution but the route to the vCGA uses a VPN.

The following error is seen

" Failed to retrieve thumbprint from th host "vcenter.sddc.example.com": [Errno 110] Connection timed out"

Impact/Risks:
Unable to link HLM with the vCGA.
 

This error is encountered when the resolution of the cloud vCenter in the VMC console, settings tab is set to public IP resolvable over the internet whereas the VPN is configured for routing to the on-premise environment.

This is an asymmetric path and the traffic would be dropped.

Kindly follow the below steps:

• Log in to the VMC console (vmc.vmware.com) 
• Verify the VPN configuration for the remote networks, to check if the IP of the vCGA lies in the segment configured for the route. 
• Proceed to check under the settings tab, the resolution address set for the vCenter and change it to resolvable over private IP from VPN using the edit option.