Creating a workload domain from the SDDC manager fails with "Failed to validate domain spec"
search cancel

Creating a workload domain from the SDDC manager fails with "Failed to validate domain spec"

book

Article ID: 387152

calendar_today

Updated On: 05-26-2025

Products

VMware SDDC Manager

Issue/Introduction

When creating a new workload domain with shared NSX from the SDDC Manager it fails with the error "Failed to validate domain spec".

The following error can be observed in the /var/log/vmware/vcf/domainmanager/domainmanager.log:

yyyy-dd-mmThh:mm:ss ERROR [vcf_dm,23b12c16a07b4996,19a1] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7200-exec-2]  [OO7RGH] PUBLIC_DOMAINSPEC_VALIDATION_FAILED Failed to validate domain spec
yyyy-dd-mmThh:mm:ss DEBUG [vcf_dm,23b12c16a07b4996,19a1] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7200-exec-2]  Handler Error Response: {"errorCode":"PUBLIC_DOMAINSPEC_VALIDATION_FAILED","arguments":[],"message":"Failed to validate domain spec","nestedErrors":[{"errorCode":"INCOMPATIBLE_SHARING_OF_NSX_FOR_NON_ISOLATED_WLD","arguments":["xxxxxxxxxxxxxx","[XXXXXXXXX]"],"message":"NSX xxxxxxxxxxxxxxxx be shared as it is used by other incompatible domains [XXXXXXXX]. NSX can be shared only between non-Isolated WLDs. Please provide a new NSX spec."}],"referenceToken":"OO7RGH"}

Environment

VMware Cloud Foundation 5.x

Cause

Field is_management_sso_domain is set to false for the affected WLD before.

Resolution

Note: Please take a snapshot of the SDDC Manager VM before making changes in the SDDC DB.

Resolution:

1. SSH into the SDDC Manager as the vcf user, then switch to the root user by running:

su -

2. Enter the SDDC Manager DB:

/usr/pgsql/13/bin/psql -h localhost -U postgres

3. Check if the value of is_management_sso_domain is set as false:

select * from domain;

An output similar to the below shows up:

| id                                   | creation\_time | modification\_time | name        | organization | status | type       | vra\_integration\_status | vrops\_integration\_status | vrli\_integration\_status | sso\_id                              | sso\_name     | is\_management\_sso\_domain | dfw\_configuration |
| ------------------------------------ | -------------- | ------------------ | ----------- | ------------ | ------ | ---------- | ------------------------ | -------------------------- | ------------------------- | ------------------------------------ | ------------- | --------------------------- | ------------------ |
| xxxxxxxxxx | 1723033491979  | 1723033491979      | sddcId-1001 | COM          | ACTIVE | MANAGEMENT |                          |                            |                           | xxxxxxxxxx | vsphere.local | t                           |                    |
| xxxxxxxxxx | 1723282831176  | 1723282831176      | vi-vsan     | COM          | ACTIVE | VI         |                          |                            |                           | xxxxxxxxxx | vsphere.local | f                           |                    |

4. Run the following command:

/usr/pgsql/13/bin/psql -h localhost -U postgres -d platform -c "update domain set is_management_sso_domain ='t' where id = 'XXXXXX-XXXXXX-XXXXX-XXXX-XXXX'" 

where id is the WLD id in the domainmanager logs.

After updating the value of is_management_sso_domain to true for the shared WLD, the WLD creation task could be completed successfully.

Powered by Wolken Software