Under vSAN Skyline Health in vSphere Client, an alarm is triggered for File Server Health.
Upon clicking on troubleshoot, the health check indicates that the DNS server is not reachable from the vSAN File Service nodes.
The file service network is configured on a standard switch.
The vCenter server and file service nodes reside on the same portgroup and the vCenter server can reach the DNS servers.
DNS lookups (forward and reverse) are correctly configured on the DNS server for the file service nodes. However, File Service nodes are unable to communicate with the physical network for DNS resolution.
VMware vSAN 8.x
This issue is caused when the standard switch network portgroup used for vSAN File Services has "Promiscuous Mode" and "Forged Transmits" set to Reject. These security policies block the virtual MAC addresses used by vSAN File Service nodes, preventing network communication and causing DNS health check failures.
In the vSphere Client networking configurations, it can be seen that the promiscuous mode and forged transmits are set to reject.
To verify, navigate to Host > Configure > Networking > Virtual Switches. Select the port group, click the horizontal ellipsis icon, and select Edit settings. Under Security settings, validate that the networking considerations for vSAN File Service are met.
To address this issue, follow the steps below to set Promiscuous Mode and Forged Transmits to Accept, as described in Networking Considerations for vSAN File Service.
Log in to the vSphere Client.
Navigate to the ESXi hosts. On the Configure tab, expand Networking and select Virtual Switches.
Select the standard switch from the list. The topology diagram of the switch appears.
In the topology diagram of the switch, click the name of the port group. Next to the topology diagram title, click the horizontal ellipsis icon and select Edit settings.
Navigate to Security settings.
Set Promiscuous Mode to Accept.
Set Forged Transmits to Accept.
Click OK to save the changes.
Return to vSAN Skyline Health and click Retest to verify the File Server Health alarm clears.
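The same check can be made from the ESXi shell. The script below is an added example, not part of the original article or VMware's tooling. It reads the output of esxcli network vswitch standard portgroup policy security get and reports which of the two required settings are still Reject. The function names are hypothetical and the sample text is constructed, with field labels assumed to match esxcli's output.

```sh
#!/bin/sh
# Added example. Reads the text printed by
#   esxcli network vswitch standard portgroup policy security get -p <portgroup>
# on stdin and checks the two settings this article requires.
# Exit status: 0 = both Accept, 1 = at least one Reject, 2 = output not recognised.
check_fs_portgroup_policy() {
    awk -F':' '
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        # Exact match on the label, so "Override vSwitch Allow ..." lines are ignored.
        key == "Allow Promiscuous" {
            seen_p = 1
            if (val != "true") { print "Promiscuous Mode: Reject"; bad = 1 }
        }
        key == "Allow Forged Transmits" {
            seen_f = 1
            if (val != "true") { print "Forged Transmits: Reject"; bad = 1 }
        }
        END {
            if (!seen_p || !seen_f) { print "policy output not recognised"; exit 2 }
            exit bad + 0
        }'
}

# Run on an ESXi host: audit_portgroup "<file service port group name>"
audit_portgroup() {
    esxcli network vswitch standard portgroup policy security get -p "$1" |
        check_fs_portgroup_policy
}

# Constructed sample (not captured from a real host): both settings Reject,
# while the override flags are true and must not be mistaken for Accept.
sample_rejecting_policy() {
    cat <<'EOF'
   Allow Promiscuous: false
   Allow MAC Address Change: false
   Allow Forged Transmits: false
   Override vSwitch Allow Promiscuous: true
   Override vSwitch Allow MAC Address Change: false
   Override vSwitch Allow Forged Transmits: true
EOF
}
```

Standard switch port groups are configured per host, so run audit_portgroup on every ESXi host in the vSAN cluster. Keep the Accept settings on the file service port group only, not on the whole switch.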