Symptoms

During an upgrade to SSP 5.1, the platform upgrade completes successfully, but the SSP-Installer (SSP-I) upgrade pre-check fails with a vCenter connectivity error similar to the following:

Error while connecting to vCenter <vcenter-fqdn>.
Failed to create govmomi client:
Post "https://<vcenter-fqdn>/sdk":
dial tcp: lookup <vcenter-fqdn> on 127.0.0.53:53: server misbehaving

This error indicates that the SSP-Installer is unable to resolve the vCenter FQDN via DNS.

Security Services Platform Installer 5.0

The DNS search domain configured on the SSP-Installer VM does not match the domain of the vCenter FQDN used during the upgrade.

In such cases, the SSP-Installer attempts to resolve the vCenter hostname using an incorrect or incomplete DNS search path, resulting in name resolution failure during pre-checks.

Example /etc/resolv.conf output:

nameserver 127.0.0.53
search domain.local

If the vCenter FQDN belongs to a different domain (for example, lp15-sandbox.local), DNS resolution will fail unless the correct search domain is configured.

Update the DNS search domain on the SSP-Installer VM to match the vCenter domain, then re-run the pre-checks.

Procedure

1. Log in to the SSP-Installer VM as sysadmin.

2. Switch to the root user:

   sudo -i
   

3. Edit the netplan configuration file:

   vi /etc/netplan/00-installer-config.yaml
   

4. Locate the nameservers section and update the search domain to match the correct domain.

   Example:

   nameservers:
       search: [domain.local]
       addresses: [<dns-server-ip>]
   

5. Apply the network configuration:

   sudo netplan apply
   

6. Retry the SSP-Installer pre-checks from the point of failure.

After correcting the DNS search domain and re-running the pre-checks, the SSP-Installer upgrade completes successfully.