Error: "Cannot Fetch Provider Configuration" returned when attempting to create a Tanzu Kubernetes Grid Cluster in VMware Cloud Director
search cancel

Error: "Cannot Fetch Provider Configuration" returned when attempting to create a Tanzu Kubernetes Grid Cluster in VMware Cloud Director

book

Article ID: 386183

calendar_today

Updated On: 05-15-2025

Products

VMware Cloud Director

Issue/Introduction

  • On the second step of creating a new Tanzu Kubernetes Grid cluster the error "Cannot fetch provider configuration. Please contact your administrator" is returned. This would be when the Kubernetes version is selected.
  • The /root/cse.log on the Container Service Extension (CSE) Server shows errors of the form:

I0115 03:47:09.177567   23580 auth.go:50] Using VCD OpenAPI version [37.2]
E0115 03:47:09.179876   23580 auth.go:64] failed to authenticate using refresh token
panic: error logging into VCD: [unable to get swagger client from secrets: [unable to get bearer token from secrets: [failed to set authorization header: [error getting bearer token: error authorizing service account: Post "https://<VCD FQDN>/oauth/provider/token": dial tcp: lookup <VCD FQDN> on 127.0.0.53:53: server misbehaving]]]]

Environment

  • VMware Cloud Director 10.5.x
  • VMware Cloud Director Container Service Extension 4.2.x

Cause

The CSE appliance lacks proper DNS configuration after deployment. This can be told from the logs on the CSE appliance.

Resolution

To resolve this issue ensure that the CSE Server is configured with a valid DNS server.
Typically the DNS server configuration is taken at deployment from the Organization VDC Network to which the CSE Server VM is attached.

Example steps would be as follows:

  1. Log into the CSE appliance command line via a VM Console or SSH.
    NOTE: The default login for user/password is root/vmware but a custom or autogenerated password can also be set on deployment of the CSE Server using Guest OS Customization.
    To view a custom password, locate the CSE Server VM in the Cloud Director UI, open Guest OS Customization > Edit and view the Specify password entry.

  2. Verify the error in the /root/cse.log. In this situation it may look like:

I0115 03:47:09.177567   23580 auth.go:50] Using VCD OpenAPI version [37.2]
E0115 03:47:09.179876   23580 auth.go:64] failed to authenticate using refresh token
panic: error logging into VCD: [unable to get swagger client from secrets: [unable to get bearer token from secrets: [failed to set authorization header: [error getting bearer token: error authorizing service account: Post "https://<VCD FQDN>/oauth/provider/token": dial tcp: lookup <VCD FQDN> on 127.0.0.53:53: server misbehaving]]]]

 

Additional Information

For more information on the prerequisites for deployment of the CSE Server see the documentation, VMware Cloud Director Container Service Extension Server Prerequisites.