Adding/Updating DNS on SDDC fails with "Failed to validate NTP configuration. Validate input specification as new NtpConfiguration to VMware Cloud Foundations."

Article ID: 418858

Products

VMware SDDC Manager

Issue/Introduction

  • Adding or updating the DNS configuration through SDDC Manager fails with the error: "Failed to validate NTP configuration. Validate input specification as new NtpConfiguration to VMware Cloud Foundations." Although the message refers to NTP, the log shows that the validation which actually fails is the DNS server reachability test.
  • /var/log/vmware/vcf/operationsmanager/operationsmanager.log contains entries similar to:
    YYYY-MM-DDTHH:MM:SSZ ERROR [vcf_om, 69#########################62, ####] [c.v.v.s.s.v.SystemConfiguratorEntityStateValidator, om-exec-30] Error occurred while testing DNS servers for <SDDC Manager-FQDN>: [DNSTestMessage (result=success, message='<DNS_Server_1_IP>' is reachable.), DNSTestMessage (result=failure, message=Failed to reach '<DNS_Server_2_IP>'.)]
    YYYY-MM-DDTHH:MM:SSZ ERROR [vcf_om, 69#########################62, ####] [c.v.v.s.s.v.SystemConfiguratorEntityStateValidator, om-exec-30] Exception occurred while validating DNS servers [<DNS_Server_1_IP>, <DNS_Server_2_IP>] on <SDDC Manager-FQDN>
    com.vmware.vcf.systemconfigurator.error.SystemConfiguratorException: Error occurred while testing DNS servers for <SDDC Manager-FQDN>: [DNSTestMessage (result=success, message='<DNS_Server_1_IP>' is reachable.), DNSTestMessage (result=failure, message=Failed to reach '<DNS_Server_2_IP>'.)]
  • Network diagnostics run from the SDDC Manager appliance (for example, traceroute to the failing DNS server) show that the server is unreachable because the network path is blocked or broken.

Environment

  • SDDC Manager 5.x

Cause

  • The SDDC Manager cannot reach one of the configured DNS servers, which is a network-layer problem rather than a VCF one. SDDC Manager tests every server in the submitted list and rejects the configuration if any one of them fails, so a single unreachable server (here the second one) is enough to block the whole update. The traceroute results confirm that the communication path is blocked or disrupted, most often because a firewall rule (ACL) drops traffic on UDP/TCP port 53 (DNS) between the SDDC Manager and the DNS server, or because of a routing misconfiguration in the network infrastructure.

Resolution

Because traceroute confirms that the DNS server is unreachable over the network path, the root cause lies outside SDDC Manager and outside the scope of the Broadcom VCF team.

  • (Recommended): Engage your internal Network and Security teams to investigate and resolve the communication path failure. They must ensure that the firewall rules (ACLs) and routing configuration permit bi-directional traffic on UDP/TCP port 53 between the SDDC Manager's IP address and the DNS server's IP address. Note that DNS uses TCP as well as UDP (for large responses and zone transfers), so an ACL that opens only UDP/53 is incomplete.
  • (Alternative): Reconfigure SDDC Manager to use a different DNS server that is confirmed reachable and sits in a network segment without these communication restrictions.
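To hand the network team concrete evidence, it helps to reproduce the check SDDC Manager performs and to show separately whether UDP/53 and TCP/53 are being dropped. The following Python 3 script is an added example, not part of this article or of VCF: it extracts the failing server from a DNSTestMessage log line (the sample line and the 192.0.2.x addresses are constructed for illustration), then sends a raw DNS A query to each server over UDP and over TCP using only the standard library, so it runs on the SDDC Manager appliance without dig or nslookup. The log path is the one named in this article; the query name is an assumption and can be any hostname.

```python
"""Probe DNS servers over UDP/53 and TCP/53 the way the SDDC Manager validation does."""
import random
import re
import socket
import struct

OPERATIONS_MANAGER_LOG = "/var/log/vmware/vcf/operationsmanager/operationsmanager.log"

# Constructed sample, modelled on the operationsmanager.log lines in the article.
SAMPLE_LOG_LINE = (
    "Error occurred while testing DNS servers for sddc-manager.example.local: "
    "[DNSTestMessage (result=success, message='192.0.2.10' is reachable.), "
    "DNSTestMessage (result=failure, message=Failed to reach '192.0.2.11'.)]"
)

# One DNSTestMessage(...) entry: capture the result and the quoted server address.
MESSAGE_RE = re.compile(r"DNSTestMessage \(result=(\w+), message=.*?'([^']+)'")


def parse_dns_test_results(line):
    """Return {server_ip: result} for every DNSTestMessage in one log line."""
    return {ip: result for result, ip in MESSAGE_RE.findall(line)}


def failed_servers(line):
    """Sorted list of servers whose DNSTestMessage result is not 'success'."""
    return sorted(ip for ip, res in parse_dns_test_results(line).items() if res != "success")


def failed_servers_from_log(path=OPERATIONS_MANAGER_LOG):
    """Scan the operationsmanager.log and collect every server that failed the test."""
    failed = set()
    with open(path, errors="replace") as fh:
        for line in fh:
            if "DNSTestMessage" in line:
                failed.update(failed_servers(line))
    return sorted(failed)


def build_dns_query(name, qid=None):
    """Build a minimal RFC 1035 standard query for an A record of `name`."""
    if qid is None:
        qid = random.randint(0, 0xFFFF)
    # ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe_udp(server, name, timeout=2.0):
    """True if `server` answers the query on UDP/53 within `timeout` seconds."""
    query = build_dns_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(512)
        except (socket.timeout, OSError):
            return False
    # Any reply carrying our transaction ID proves the path is open.
    return len(data) >= 12 and data[:2] == query[:2]


def probe_tcp(server, name, timeout=2.0):
    """True if a TCP/53 connection opens and the length-prefixed query is answered."""
    query = build_dns_query(name)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as sock:
            sock.sendall(struct.pack("!H", len(query)) + query)
            prefix = sock.recv(2)
            if len(prefix) < 2:
                return False
            data = sock.recv(struct.unpack("!H", prefix)[0])
    except (socket.timeout, OSError):
        return False
    return len(data) >= 12 and data[:2] == query[:2]


def probe_all(servers, name="sddc-manager.example.local"):
    """Probe each server on both transports; returns {ip: (udp_ok, tcp_ok)}."""
    return {ip: (probe_udp(ip, name), probe_tcp(ip, name)) for ip in servers}


if __name__ == "__main__":
    import sys
    # Servers on the command line, otherwise the failing one from the sample log line.
    targets = sys.argv[1:] or failed_servers(SAMPLE_LOG_LINE)
    for ip, (udp_ok, tcp_ok) in probe_all(targets).items():
        verdict = "reachable" if udp_ok and tcp_ok else "BLOCKED"
        print(f"{ip}: UDP/53 {'ok' if udp_ok else 'FAIL'}  "
              f"TCP/53 {'ok' if tcp_ok else 'FAIL'}  -> {verdict}")
```

Run it on the SDDC Manager appliance with the DNS server addresses as arguments, or call `failed_servers_from_log()` to pull them from the log named above. A result of UDP failing while TCP succeeds (or the reverse) points at a protocol-specific ACL rather than a routing problem, which is exactly the distinction the network team needs before fixing the rule set.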