During the installation, upgrade, or migration of a VMware vCenter Server Appliance (VCSA) 6.7, the deployment fails during the firstboot phase.

The following error signatures are observed in the firstboot logs located in /var/log/firstboot:

• firstbootStatus.json: "failedSteps": "vapi_firstboot"

• vapi_firstboot.py_####_stderr.log: "Failed to configure vAPI Endpoint Service at the firstboot time"

• cloudvm.log:

  • Stdout: DNS reverse lookup on <REDACTED_IPS> has failed.

  • Unable to obtain hostname from DNS reverse lookup.

  • Please examine DNS/network configuration.

• endpoint.log (located in /var/log/vmware/vapi/endpoint): Cannot initialize STS SSL trust certificate settings

The deployment fails because the static IP address assigned to the vCenter Server Appliance does not have a valid Pointer (PTR) record configured in the Domain Name System (DNS). VMware vCenter Server requires valid Forward and Reverse DNS resolution for successful deployment and service initialization.

1. Verify that both Forward (A) and Reverse (PTR) records for the vCenter Server Appliance are correctly configured on your DNS server.

2. Test the resolution from a machine on the same network using the following commands:

   • nslookup <FQDN>

   • nslookup <IP_Address>

3. If records are missing or incorrect, update the DNS server entries.

4. Once DNS records are validated, restart the vCenter Server Appliance deployment.

ADDITIONAL INFORMATION

For detailed DNS requirements, refer to the official documentation: DNS Requirements for the vCenter Server Appliance