VI Workload domain creation task fails at NSX-T deployment in a 2 label hostname environment such as "<hostname>.<domain>"


Article ID: 413718


Updated On:

Products

VMware SDDC Manager, VMware Cloud Foundation

Issue/Introduction

VI Workload domain creation task fails at NSX-T deployment in a 2 label hostname environment such as "<hostname>.<domain>"

Environment

The VCF components are configured with two label hostnames (PQDN - partially qualified domain name) such as "<hostname>.<domain>".

Cause

SDDCM can't trust the self-signed certificates on NSX nodes if the nodes are using 2 label FQDNs, and NSX deployment fails. The reason for the failure is that in NSX 4.2.0, the NSX Manager generates a self-signed certificate, and a wildcard SAN field is added to the certificate only if the NSX Manager's domain name has more than two periods (aka 3 labels). With 2 label FQDNs, the wildcard SAN can't be generated, and the SAN instead contains the IP addresses of the nodes (not the hostname). SDDCM connects using the hostname, and certificate verification fails because the hostname does not match any IP address entry in the SAN.
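The hostname check described above, as an added example (not Broadcom or SDDC Manager code): a simplified model of RFC 6125-style SAN matching, run against two constructed SAN lists. The host names, IP addresses and function names are assumptions for illustration.

```python
import ipaddress

def is_ip(value):
    """True if value parses as an IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, hostname):
    """Match one dNSName SAN entry against a hostname, case-insensitively.
    '*' is honoured only as the whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def verify_reference_id(reference, san_entries):
    """san_entries is a list of (type, value) pairs, type 'DNS' or 'IP'.
    A hostname is compared only with DNS entries; an IP literal only with
    IP entries. An IP entry never satisfies a connection made by hostname."""
    if is_ip(reference):
        ref = ipaddress.ip_address(reference)
        return any(t == "IP" and ipaddress.ip_address(v) == ref
                   for t, v in san_entries)
    return any(t == "DNS" and dns_name_matches(v, reference)
               for t, v in san_entries)

def diagnose(reference, san_entries):
    """Return a short reason string an operator can log."""
    if verify_reference_id(reference, san_entries):
        return "match"
    if not is_ip(reference) and all(t == "IP" for t, _ in san_entries):
        return "mismatch: SAN holds only IP addresses, client used a hostname"
    return "mismatch: no SAN entry covers the requested name"

# Constructed SAN lists (documentation addresses and example domains).
WILDCARD_SAN = [("DNS", "*.corp.example.com")]
IP_ONLY_SAN = [("IP", "192.0.2.11"), ("IP", "192.0.2.12"), ("IP", "192.0.2.13")]

if __name__ == "__main__":
    for name, san in [("nsx01.corp.example.com", WILDCARD_SAN),
                      ("nsx01.example", IP_ONLY_SAN),
                      ("192.0.2.11", IP_ONLY_SAN)]:
        print(name, "->", diagnose(name, san))
```

The same comparison can be done by hand by listing the SAN entries of the certificate an NSX node presents and checking whether any DNS entry covers the name the client uses.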

 

Resolution

The workaround involves interaction with SDDCM, the MGMT VC and the 3 NSX nodes of the VI that fail with respect to SDDCM's deployment.

Contact Broadcom Global Support for assistance in executing the workaround.

 

Additional Information