Supervisor control plane VM is unable to validate the vCenter certificate due to duplicate FQDN entries in DNS



Article ID: 440525


Products

VMware vSphere Kubernetes Service

Issue/Introduction

  • The Supervisor cluster is down due to a certificate validation failure between the Supervisor control plane VM and vCenter Server.
  • Error message: 
    Configuration error The control plane VM <control_plane_vm> was unable to validate the vCenter <vCenter_FQDN> certificate. The vCenter server certificate is invalid.
  • The vCenter Server certificate has been checked and is valid.
  • Running nslookup for the vCenter FQDN from different Supervisor control plane VMs returns different IPs.

Environment

  • VMware Kubernetes Service (VKS)
  • VMware vCenter Server 8.x 

Cause

  • If nslookup on the vCenter Server FQDN returns different IPs, DNS contains a duplicate entry: the same FQDN is registered with different IPs.
  • The Supervisor control plane VM(s) in the error state are unable to validate the certificate served from the incorrect IP.

Resolution

Remove the duplicate/incorrect DNS entry for the vCenter Server FQDN.
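
The nslookup comparison described under Issue/Introduction and Cause can be scripted once the output from each Supervisor control plane VM has been saved to a file. The following is an added example, not part of the original article or any VMware tooling; the function names, file layout, FQDN (vcenter.example.test) and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare saved nslookup output from each Supervisor control plane VM.
# All hostnames, addresses and file names below are constructed sample values.

# Print the answer addresses found in one nslookup output read from stdin.
# The resolver's own "Address:" line precedes the first "Name:" line and is skipped.
answer_ips() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address:/ { print $2 }' | sort -u
}

# Print "ip vm" for every answer in DIR/*.txt (one saved nslookup output per VM).
answers_by_vm() {
    for f in "$1"/*.txt; do
        vm=$(basename "$f" .txt)
        answer_ips < "$f" | sed "s/\$/ $vm/"
    done | sort
}

# Number of distinct addresses the FQDN resolved to across all VMs; more than 1
# means DNS holds the same FQDN with different IPs.
distinct_ip_count() {
    answers_by_vm "$1" | awk '{ print $1 }' | sort -u | wc -l | tr -d ' '
}

# Write constructed nslookup output for one VM: write_sample DIR VM IP...
write_sample() {
    dir=$1; vm=$2; shift 2
    {
        printf 'Server:\t\t198.51.100.53\nAddress:\t198.51.100.53#53\n\n'
        for ip in "$@"; do
            printf 'Name:\tvcenter.example.test\nAddress: %s\n' "$ip"
        done
    } > "$dir/$vm.txt"
}

SAMPLE_DIR=$(mktemp -d)
write_sample "$SAMPLE_DIR" cp-vm-1 192.0.2.10
write_sample "$SAMPLE_DIR" cp-vm-2 192.0.2.77
write_sample "$SAMPLE_DIR" cp-vm-3 192.0.2.77 192.0.2.10   # both records in one answer

answers_by_vm "$SAMPLE_DIR"
if [ "$(distinct_ip_count "$SAMPLE_DIR")" -gt 1 ]; then
    echo "vcenter.example.test resolves to more than one address: check DNS for a duplicate entry"
fi
```

A single answer that lists two addresses (cp-vm-3 in the sample) is counted the same way as two VMs that each receive a different address.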