The Compliance Scanner is unable to scan VMs in the environment. Symptoms include:

• Error logs on agent VMs display the following message: Unable to resolve Store domain: lookup q-s4.oscap-store.AAA.[UUID].bosh on [IP]:53: no such host
• An nslookup on the old network (AAA) returns NXDOMAIN, while the new network (BBB) resolves correctly.

Compliance Scanner for VMware Tanzu

The issue is caused by a network migration where the Compliance Scanner component was moved from the AAA network to the BBB network. Agent VMs may retain stale network configurations, causing them to attempt Store domain resolution via the old, unreachable network path.

To resolve this issue, propagate the network configuration changes to the scanning agents:

1. Verify Connectivity:

   • Log into a failing agent VM.
   • Run nslookup for the Store domain to identify which network name is being used.
   • Confirm if it is still attempting to use AAA instead of BBB.

2. Apply Changes:

   • In Operations Manager, select Apply Changes for all tiles.
   • This ensures that the network name change propagates to all scanning VMs so they can correctly reach the store.

3. Validation:

   • Verify that the agent VMs can now successfully resolve the Store domain via the BBB network.
   • Confirm that compliance scans are completing successfully across all VMs.