Creating a workload domain from the SDDC manager fails with "Failed to validate domain spec"

Article ID: 387152

Products

VMware SDDC Manager

Issue/Introduction

Creating a new workload domain with shared NSX from the SDDC Manager fails with the error "Failed to validate domain spec".

The domain manager log reports entries similar to:

/var/log/vmware/vcf/domainmanager/domainmanager.log:

yyyy-dd-mmThh:mm:ss ERROR [vcf_dm,####,19a1] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7200-exec-2]  [Token ID] PUBLIC_DOMAINSPEC_VALIDATION_FAILED Failed to validate domain spec
yyyy-dd-mmThh:mm:ss DEBUG [vcf_dm,####,19a1] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7200-exec-2]  Handler Error Response: {"errorCode":"PUBLIC_DOMAINSPEC_VALIDATION_FAILED","arguments":[],"message":"Failed to validate domain spec","nestedErrors":[{"errorCode":"INCOMPATIBLE_SHARING_OF_NSX_FOR_NON_ISOLATED_WLD","arguments":["#####","[#####]"],"message":"NSX ##### be shared as it is used by other incompatible domains [#####]. NSX can be shared only between non-Isolated WLDs. Please provide a new NSX spec."}],"referenceToken":"TOKEN ID"}

Environment

VMware Cloud Foundation 5.x

Cause

In the domain table of the platform database, the field 'is_management_sso_domain' is set to 'f' (as in false) for the affected Workload Domain.

Example output is similar to:

[/home/vcf ]# psql -h localhost -U postgres -d platform   -c "\x" -c "select id,status,type,name,is_management_sso_domain from domain"


-[ RECORD 1 ]------------+-------------------------------------
id                       | ####-#####
status                   | ACTIVE
type                     | VI
name                     | example-WLD-Name
is_management_sso_domain | f
-[ RECORD 2 ]------------+-------------------------------------
id                       | ####-#####
status                   | ACTIVE
type                     | MANAGEMENT
name                     | example-MGMT-Name
is_management_sso_domain | t

Resolution

Do not proceed without taking a backup (snapshot) of the SDDC Manager VM before making changes in the SDDC DB.

  1. SSH into the SDDC Manager as the vcf user, then switch to the root user by running the command: su -
  2. List the fields of the domain table to check whether the value of the 'is_management_sso_domain' field is set to 'f' (as in false) by running the command: psql -h localhost -U postgres -d platform -c "\x" -c "select id,status,type,name,is_management_sso_domain from domain"

    The output of the command is similar to:

    [ /home/vcf ]# psql -h localhost -U postgres -d platform -c "\x" -c "select id,status,type,name,is_management_sso_domain from domain"


    -[ RECORD 1 ]------------+-------------------------------------
    id                       | ####-#####
    status                   | ACTIVE
    type                     | VI
    name                     | example-WLD-Name
    is_management_sso_domain | f
    -[ RECORD 2 ]------------+-------------------------------------
    id                       | ####-#####
    status                   | ACTIVE
    type                     | MANAGEMENT
    name                     | example-MGMT-Name
    is_management_sso_domain | t

  3. Set the 'is_management_sso_domain' field to t (as in true) for the row whose id corresponds to the affected WLD id. Cross-reference the WLD id with the error log snippets.

    An example command is similar to: /usr/pgsql/13/bin/psql -h localhost -U postgres -d platform -c "update domain set is_management_sso_domain ='t' where id = '<id from step#2 where is_management_sso_domain is f>'"

  4. Retry the WLD creation task.
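
The cross-reference in steps 2 and 3 can be done as a read-only check before any row is changed. The script below is an added example, not part of the original article or Broadcom's tooling: it parses the expanded psql output, lists the records where is_management_sso_domain is f, and keeps only the ids that also appear in the INCOMPATIBLE_SHARING_OF_NSX_FOR_NON_ISOLATED_WLD log entry. The function names, sample ids and the assumption that the masked log values contain the domain id are illustrative.

```shell
# Added example, not Broadcom's code. It only parses text; it never opens the DB.
# Print "id|type|name" for every record of psql expanded (\x) output on stdin
# whose is_management_sso_domain column is 'f'.
flagged_domains() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function emit() {
      if (rec["is_management_sso_domain"] == "f")
        print rec["id"] "|" rec["type"] "|" rec["name"]
      split("", rec)   # clear the fields collected for this record
    }
    /^[ \t]*-\[ RECORD [0-9]+ \]/ { emit(); next }
    (i = index($0, "|")) > 0 { rec[trim(substr($0, 1, i - 1))] = trim(substr($0, i + 1)) }
    END { emit() }
  '
}

# Of those records, print the ids that also occur in an
# INCOMPATIBLE_SHARING_OF_NSX_FOR_NON_ISOLATED_WLD entry of log file $1.
# Assumption: the values masked as ##### in that log entry include the domain id.
affected_domains() {
  flagged_domains | while IFS='|' read -r id type name; do
    [ -n "$id" ] || continue
    if grep -F 'INCOMPATIBLE_SHARING_OF_NSX_FOR_NON_ISOLATED_WLD' "$1" |
       grep -qF -- "$id"; then
      printf '%s\n' "$id"
    fi
  done
}

# Constructed sample input; every id and name below is made up.
sample_rows() { cat <<'EOF'
Expanded display is on.
-[ RECORD 1 ]------------+-------------------------------------
id                       | 11111111-aaaa-4aaa-8aaa-000000000001
type                     | VI
name                     | example-WLD-Name
is_management_sso_domain | f
-[ RECORD 2 ]------------+-------------------------------------
id                       | 22222222-bbbb-4bbb-8bbb-000000000002
type                     | MANAGEMENT
name                     | example-MGMT-Name
is_management_sso_domain | t
EOF
}
sample_log() { cat <<'EOF'
{"errorCode":"INCOMPATIBLE_SHARING_OF_NSX_FOR_NON_ISOLATED_WLD","arguments":["nsx-example","[11111111-aaaa-4aaa-8aaa-000000000001]"]}
EOF
}
log=$(mktemp) && sample_log >"$log" && sample_rows | affected_domains "$log"; rm -f "$log"
```

On the appliance the same functions would read the output of the step 2 command and /var/log/vmware/vcf/domainmanager/domainmanager.log. An id that is flagged f but absent from the log entry is not the one the validation error refers to.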