When attempting to enable a Supervisor Cluster in VMware vSphere with Tanzu (VKS), the enablement process fails or hangs. The following symptoms are observed:

• The vSphere Client displays errors indicating the Control Plane VM cannot reach DNS servers.
• Deployment status for the Supervisor remains in a Failure or Warning state during the "Waiting for Workload Network" phase.
• Communication between the Control Plane VM and the management DNS server fails specifically over the workload network.

The following error is observed during the validation phase:

Unable to connect to the management DNS servers '<REDACTED_IPS>' from the control plane VM. The connection was attempted over the workload network

Log excerpts from the WCP logs show network timeout errors connecting to the DNS server:

2026-03-20T04:54:45.556Z WARNING network_setting: Network validation failed: 'Unable to connect to the management DNS servers '<REDACTED_IPS>' from the control plane VM <REDACTED_SECRETS>. The connection was attempted over the workload network.
2026-03-20T04:54:45.556Z DEBUG condition: Updated condition: type=ManagementNetworkConfigured, status=FALSE, reason=WorkloadNetworkDNSServerConnectionFailed, messages=[Severity: ERROR, Details: Id: vcenter.wcp.node_state_check.mgmt_network <REDACTED_SECRETS>. The connection was attempted over the workload network. Error: lookup <REDACTED_HOSTNAMES> on <REDACTED_IPS>:53: read udp <REDACTED_IPS>:36140-><REDACTED_IPS>:53: i/o timeout., Args: ['<REDACTED_IPS>', '<REDACTED_SECRETS>']

VMware NSX

An MTU mismatch exists on the ESXi host network or the upstream physical switch where the Supervisor control plane VM is deployed, resulting in packet drops and DNS connectivity failure.

• Verify the MTU configuration on the ESXi host where the control plane VM is deployed.

• Validate the MTU configuration on the physical switch ports connected to the ESXi host.

• Correct any MTU mismatches to ensure end-to-end MTU consistency from the control plane VM to the DNS server.