VM instances in DSM are inaccessible - Unable to resolve the FQDN of the vCenter host.
search cancel

VM instances in DSM are inaccessible - Unable to resolve the FQDN of the vCenter host.

book

Article ID: 426508

calendar_today

Updated On:

Products

VMware Data Services Manager for VCF

Issue/Introduction

  • In DSM UI, following alerts will be seen
  • The DNS server is reachable from the DSM appliance, and vCenter (including its FQDN) resolves successfully. However, when SSH into the PostgreSQL instance, DNS resolution is not available and requests to the DNS server time out on port 53.

  • In the workload cluster logs below events will be seen
    2026-01-14T11:05:38.140084936Z stderr F W0114 11:05:38.139935       1 logging.go:59] [core] [Channel #1 SubChannel #3] grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2026-01-14T11:05:38Z is after 2025-12-12T08:08:13Z"
    2026-01-14T11:05:38.218034309Z stderr F W0114 11:05:38.217825       1 logging.go:59] [core] [Channel #2 SubChannel #4] grpc: addrConn.createTransport failed to connect to {Addr: "127.0.0.1:2379", ServerName: "127.0.0.1", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate has expired or is not yet valid

Environment

DSM 9.0.1

Cause

The DNS server configured on DSM is unreachable, preventing the database VM from resolving and communicating with vCenter. Additionally, TLS certificates on the PostgreSQL database VM have expired, causing authentication failures between internal DSM services and resulting in PostgreSQL service disruption

  • In the provisioner logs below events will be seen 
2026-01-05T07:20:26+00:00 xxxxxx.xxxx.com container_name/dsm-tsql-provisioner-service[1265]: {"level":"error","timestamp":"2026-01-05T07:20:26.220Z","C":"systemvalidator/vcenterbindingvalidator.go:67","message":"VC Host is not resolvable","controller":"vcenterbinding","controllerGroup":"system.dataservices.vmware.com","controllerKind":"VCenterBinding","VCenterBinding":{"name":"vcenter"},"namespace":"","name":"vcenter","reconcileID":"49a6a2b3-8439-428c-892d-62fd5a57849a","objName":"vcenter","objType":"v1alpha1.VCenterBinding","VC Host":" xxxxxx.xxxx.com","error":"lookup  xxxxxx.xxxx.com.com on xx.xx.xx.xx:53: server misbehaving"

 

Resolution

  • Resolve the DNS connectivity issues between the DB instances and vCenter,  for a temporary fix add the vCenter FQDN entry to the /etc/hosts file on the affected components.
  • Renew the expired TLS certificates on the PostgreSQL database VM by following the steps in the Broadcom Knowledge Base article below.
    Renew the certs in workload cluster
Powered by Wolken Software