When attempting to create a new HCX site pair to a VMware Cloud on AWS SDDC, the site pairing fails with the following error:

Error connecting to remote site
502 Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
Reason: Error reading from remote server

Connectivity tests to the cloud HCX Manager FQDN and IP address result in 100% packet loss. Even machines within the same SDDC cannot reach the HCX Manager endpoint, while other management components such as vCenter on the same subnet communicate normally.

An existing site pair to a different SDDC may work successfully, which can lead to the assumption that firewall rules are blocking traffic to the new cloud HCX endpoint.

• VMware Cloud on AWS SDDC
• VMware HCX 4.x

The HCX FQDN Resolution Address configured in the SDDC Settings is set incorrectly. This setting controls whether external systems resolve the cloud HCX Manager using the public or private IP address. When this setting does not match the network path used by the on-premises HCX Connector, connectivity to the cloud HCX Manager fails and site pairing cannot be established.

Update the HCX FQDN Resolution Address in the SDDC Settings to match the network connectivity path:

1. Log in to the VMC Console at vmc.vmware.com.
2. Select the organization.
3. Select the VMware Cloud on AWS service.
4. Click SDDCs.
5. Locate the SDDC and click View Details.
6. Click the Settings tab.
7. In the HCX Information section, expand the selection and click Edit.
8. In the Resolution Address field, use the drop-down menu to select the appropriate IP address:
   • Select Private IP if connecting over Direct Connect or VPN.
   • Select Public IP if connecting over the internet.
9. Click Save.

After changing the resolution address, retry the HCX site pairing operation.

For more information, see Setting DNS Resolution from Public to Private in the VMware HCX User Guide.