Enabling VCHA Fails with error "The operation is not allowed in the current state. The management interface (NIC0) IP address does not map to the vCenter Server PNID."

Article ID: 396035

Updated On:

Products

VMware vCenter Server

Issue/Introduction

When attempting to enable (or re-enable) VCHA, the operation fails, and the following error is displayed:

"The operation is not allowed in the current state. The management interface (NIC0) IP address does not map to the vCenter Server PNID."

Environment

vCenter Server 7.x
vCenter Server 8.x

Cause

The cause could be related to one or more of the following:

  • An issue with DNS in the environment (the most likely cause)
  • A failure of the Primary and Witness nodes
  • The Primary and Witness nodes have been deleted and only the Secondary node is successfully running vCenter services

Resolution

1) Validate the PNID of the running vCenter appliance:

#> /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

2) Correctly add the DNS entries for vCenter's FQDN (to match the PNID from above) and IP address in the appropriate forward and reverse zones in DNS.

3) Validate all DNS entries (forward and reverse) are correct and resolvable from the vCenter appliance using nslookup:

#> nslookup FQDN_OR_IP_TO_QUERY DNS_SERVER_FQDN_OR_IP

4) Re-enable VCHA.

Additional Information

For example, assume the current vCenter and DNS configuration is as follows:

vCenter FQDN: vcenter.example.com
vCenter IP: 192.0.2.20
DNS Server FQDN: dns.example.com
DNS Server IP: 192.0.2.100

And assume the desired VCHA configuration is as follows:

Active/Primary VC: vc-primary
Mgmt NIC0 IP: 192.0.2.20
HA NIC1 IP: 192.0.3.20

Passive/Secondary VC: vc-secondary
Mgmt NIC0 IP: 192.0.2.22
HA NIC1 IP: 192.0.3.22

Witness: vc-witness
Mgmt NIC0 IP: (disabled)
HA NIC1 IP: 192.0.3.21

After adding the correct DNS entries, they can be validated by performing a series of nslookups:

Primary Forward Lookup (by FQDN):

root@vcenter [ ~ ]# nslookup vcenter.example.com dns.example.com
Server:         dns.example.com
Address:        192.0.2.100#53

Name:   vcenter.example.com
Address: 192.0.2.20

Primary Reverse Lookup (by IP):

root@vcenter [ ~ ]# nslookup 192.0.2.20 dns.example.com
20.2.0.192.in-addr.arpa     name = vcenter.example.com.

Secondary Reverse Lookup (by IP):

root@vcenter [ ~ ]# nslookup 192.0.2.22 dns.example.com
22.2.0.192.in-addr.arpa     name = vcenter.example.com.

If either the forward or reverse lookup fails with an error similar to the one below, go back and validate that the DNS entries are correct:

root@vcenter [ ~ ]# nslookup 192.0.2.22 dns.example.com
** server can't find 22.2.0.192.in-addr.arpa: NXDOMAIN
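
The forward and reverse checks from step 3, as an added example that is not part of the original article: a small shell helper that parses nslookup output and reports whether it agrees with the PNID. The function names are hypothetical, and the sample outputs are constructed from the example values above.

```bash
#!/bin/bash
# Added example, not from the original article. The sample nslookup outputs are
# constructed from the article's example values; function names are hypothetical.

# IP from a forward lookup: the first "Address:" line that follows "Name:"
# (the earlier "Address:" line belongs to the DNS server itself).
forward_ip() {
    awk '/^Name:/ {seen=1; next} seen && /^Address:/ {print $2; exit}'
}

# Host name from a reverse lookup, with the trailing root dot removed.
reverse_name() {
    awk '/name = / {sub(/\.$/, "", $NF); print $NF; exit}'
}

# DNS names compare case-insensitively, so normalise before comparing.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_forward PNID EXPECTED_IP NSLOOKUP_OUTPUT
check_forward() {
    got_ip=$(printf '%s\n' "$3" | forward_ip)
    [ -n "$got_ip" ] || { echo "FAIL: no address returned for $1"; return 1; }
    [ "$got_ip" = "$2" ] || { echo "FAIL: $1 -> $got_ip, expected $2"; return 1; }
    echo "OK: $1 -> $2"
}

# check_reverse IP EXPECTED_PNID NSLOOKUP_OUTPUT
check_reverse() {
    got_name=$(lower "$(printf '%s\n' "$3" | reverse_name)")
    [ -n "$got_name" ] || { echo "FAIL: no PTR name returned for $1"; return 1; }
    [ "$got_name" = "$(lower "$2")" ] || { echo "FAIL: $1 -> $got_name, expected $2"; return 1; }
    echo "OK: $1 -> $2"
}

# Constructed sample outputs (same values as the lookups shown above).
SAMPLE_FWD='Server:         dns.example.com
Address:        192.0.2.100#53

Name:   vcenter.example.com
Address: 192.0.2.20'
SAMPLE_REV='20.2.0.192.in-addr.arpa     name = vcenter.example.com.'
SAMPLE_NX="** server can't find 22.2.0.192.in-addr.arpa: NXDOMAIN"

PNID=vcenter.example.com   # on the appliance, use the value printed in step 1
check_forward "$PNID" 192.0.2.20 "$SAMPLE_FWD"
check_reverse 192.0.2.20 "$PNID" "$SAMPLE_REV"
check_reverse 192.0.2.22 "$PNID" "$SAMPLE_NX" || true   # the NXDOMAIN failure case
```

On the appliance, pass live output in place of the sample variables, for example `check_forward "$PNID" 192.0.2.20 "$(nslookup "$PNID" dns.example.com)"`.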