NSX Edge cluster deployment from SDDC Manager fails at Cluster validation with "Edge node FQDN(s) does not resolve to management IP(s) provided"

Article ID: 410442


Products

VMware SDDC Manager

Issue/Introduction

  • When attempting to create or deploy a new NSX Edge cluster, the operation fails at Edge cluster specification validation with the following error:

Edge node FQDN(s) does not resolve to management IP(s) provided. (Edge node name <fqdn> resolved to but should have resolved to management IP <ip> ; Failed to resolve <ip>)

  • In /var/log/vmware/vcf/domainmanager/domainmanager.log, entries similar to the following appear:

YYYY-MM-DDThh:mm:ss INFO [vcf_dm, <opID>,###] [c.v.evo.sddc.common.dns.DnsHelper, http-nio-127.0.0.1-7200-exec-1] About to execute dig +noedns +short @<192.168.#.#> -x <NSX_Mgr_IP>

YYYY-MM-DDThh:mm:ss INFO [vcf_dm, <opID>,###][c.v.evo.sddc.common.dns.DnsHelper, http-nio-127.0.0.1-7200-exec-1] About to execute dig +noedns @<192.168.#.#> <NSX_Mgr_FQDN>

YYYY-MM-DDThh:mm:ss INFO [vcf_dm,<op_id>, ##] [c.v.v.n.c.v.NsxTEdgeClusterController,http-nio-127.0.0.1-7200-exec-1] populateLocalizedValidationProp returning {"id": "#####-#####-####", "description":"Validating NSX Edge cluster creation spec","executionStatus":"IN_PROGRESS", "resultStatus": "UNKNOWN","validationChecks": [{"description": "Validate Edge Node Management IP to FQDN Resolution","severity":"ERROR", "resultStatus":"FAILED", "errorResponse": {"errorCode":"ECM_INVALID_FQDN_OR_IP", "arguments": [""], "message":"Edge node FQDN(s) does not resolve to management IP(s) provided. (Edge node name <fqdn> resolved to but should have resolved to management IP <ip> ; Failed to resolve <ip>: {1} ;

NOTE: The DNS server IP 192.168.#.# referenced in the above logs is the one SDDC Manager queries during the validation phase, and name resolution against it fails.

 

Environment

VCF 4.x, 5.x

Cause

This can be caused by a name resolution issue on the SDDC Manager, potentially due to DNS server connectivity problems or an incorrect DNS server being configured.

Resolution

To resolve the issue, verify the DNS configuration on the SDDC Manager:

  • Verify that forward and reverse lookups for the NSX Manager succeed by connecting to the SDDC Manager over SSH and running the /usr/bin/dig command and/or nslookup:
    • Forward lookup using the /usr/bin/dig <fqdn> or nslookup <fqdn> command:

Example of correct output:

root@SDDC_Mgr:nslookup <NSX_Mgr_fqdn>
Server:  <dns_server_name>     
Address:  192.168.#.#           

Name:    <NSX_Mgr_fqdn>
Address:  <NSX_Mgr_IP>

root@SDDC_Mgr:~# /usr/bin/dig nsx-mngr-01.#.#
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> nsx-mngr-01.#.#
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15328
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;nsx-mngr-01.#.#. IN A

;; ANSWER SECTION:
nsx-mngr-01.#.#. 3600 IN A 192.168.#.#

;; Query time: 0 msec
;; SERVER: #.#.#.10#53(192.168.#.#) (UDP)
;; WHEN: #####
;; MSG SIZE rcvd: 67

    • Reverse lookup using the /usr/bin/dig -x <ip> or nslookup <ip> command:

Example of a correct output:

root@SDDC_Mgr:nslookup <NSX_Mgr_IP>
Server:  <dns_server_name>     
Address:  192.168.#.#           

Name:    <NSX_Mgr_fqdn>
Address:  <NSX_Mgr_IP>

root@SDDC_Mgr:~# /usr/bin/dig -x 192.#.#.#
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> -x 192.#.#.#
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30823
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;10.#.#.#.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
10.#.#.#.#. 3600 IN    PTR     controlcenter.#.#.

;; Query time: 4 msec
;; SERVER: #.#.#.10#53(#.#.#.#) (UDP)
;; WHEN: #####
;; MSG SIZE  rcvd: 94

  • Compare the saved DNS configuration on the SDDC Manager with the above output:

cat /etc/resolv.conf 

If there is a discrepancy between the DNS configuration found in the log snippets and what is shown by the nslookup or dig command, update the DNS configuration on the SDDC Manager:

    1. In the SDDC Manager UI, click Administration > Network Settings > DNS Configuration
    2. Click Edit to update the DNS server IP(s)
    3. Validate the changes are saved in /etc/resolv.conf
    4. Re-attempt the Edge cluster creation workflow
  • If the issue persists and the logs show that the SDDC Manager still queries the old/incorrect DNS server, restart the SDDC Manager services:

/opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh
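
The comparison steps above can be scripted. The following is an added example, not part of the original article and not VMware tooling: it pulls the DNS server out of the DnsHelper log lines, lists any that are missing from resolv.conf, and checks that the forward and reverse answers match the Edge node spec. All function names and the three command-line arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not VMware tooling). Function names are hypothetical.

# DNS servers named in DnsHelper "About to execute dig ... @<server>" lines.
queried_servers() {  # $1 = domainmanager.log
    sed -n 's/.*About to execute dig [^@]*@\([^ ]*\).*/\1/p' "$1" | sort -u
}

# nameserver entries currently saved in resolv.conf.
configured_servers() {  # $1 = resolv.conf
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Servers the log shows being queried that resolv.conf does not list.
stale_servers() {  # $1 = log, $2 = resolv.conf
    for s in $(queried_servers "$1"); do
        configured_servers "$2" | grep -qxF "$s" || echo "$s"
    done
}

# Compare lookup answers with the FQDN/IP pair given in the Edge spec.
# $1 = fqdn, $2 = mgmt IP, $3 = A answer, $4 = PTR answer (trailing dot allowed)
check_pair() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    got=$(printf '%s' "${4%.}" | tr '[:upper:]' '[:lower:]')
    [ -n "$3" ] || { echo FORWARD_EMPTY; return 1; }
    [ "$3" = "$2" ] || { echo FORWARD_MISMATCH; return 1; }
    [ -n "$got" ] || { echo REVERSE_EMPTY; return 1; }
    [ "$got" = "$want" ] || { echo REVERSE_MISMATCH; return 1; }
    echo OK
}

# Query one specific server with the dig options seen in the log.
# Assumes a single A record; CNAME lines in the +short output are skipped.
live_check() {  # $1 = DNS server, $2 = fqdn, $3 = mgmt IP
    fwd=$(/usr/bin/dig +noedns +short "@$1" "$2" | grep -E '^[0-9.]+$' | head -n 1)
    rev=$(/usr/bin/dig +noedns +short "@$1" -x "$3" | head -n 1)
    check_pair "$2" "$3" "$fwd" "$rev"
}

if [ "$#" -eq 3 ]; then
    log=/var/log/vmware/vcf/domainmanager/domainmanager.log
    for s in $(stale_servers "$log" /etc/resolv.conf); do
        echo "queried in log but not in /etc/resolv.conf: $s"
    done
    live_check "$@"
else
    echo "usage: $0 <dns_server> <edge_fqdn> <mgmt_ip>" >&2
fi
```

Run it on the SDDC Manager with the DNS server from the log, the Edge node FQDN and its management IP; any result other than OK names the lookup direction to fix on the DNS server.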

 
