"registration link domain name verification failed" when registering Supervisor in TMC SaaS while running in older versions of VCF
search cancel

"registration link domain name verification failed" when registering Supervisor in TMC SaaS while running in older versions of VCF

book

Article ID: 403179

calendar_today

Updated On:

Products

VMware Tanzu Mission Control

Issue/Introduction

Scenario: Attempting to register a Supervisor cluster in TMC (SaaS Version)

The TMC pods on the Supervisor show in Error state

When you describe the tmc-agent-installer-config AgentInstall object, it eventually shows the following after 10 retries:

Status:
  Message:  registration link domain name verification failed

Environment

Tanzu Mission Control SaaS

VCF 5.2.1.1

vCenter 8.0.3

Supervisor K8s version: v1.29.7+vmware.wcp.1

TKG Service version: 3.1.1-embedded

Cause

By default, an AgentConfig is not required for registering a Supervisor cluster with TMC SaaS.

However, for Supervisor clusters running in older versions of VCF, an AgentConfig containing the DigiCert Global Root CA used by the TMC SaaS endpoint is required.  

This AgentConfig will also include the allowedHostNames regular expression for connecting to remote TMC SaaS console endpoint.

Resolution

Download the DigiCert Global Root CA from your TMC Console web UI and insert it into the AgentConfig yaml during Supervisor cluster registration.
 

Procedure:

  • Login to your TMC Console Web UI

Example:  https://ORG_NAME.tmc.tanzu.broadcom.com/

  • Download the root CA:

Example, when using Chrome browser

    • Click the icon, left of the browser URL to View site information

    • Select "Connection is secure"

    • Select "Certificate is valid" to pull up the Certificate Viewer

    • Select the "Details" tab

    • In the "Certificate Hierarchy" box, select "DigCert Global Root CA"

    • Click "Export" button

    • Save the "DigiCert Global Root CA" key

 

  • Create the AgentConfig yaml file and insert the DigiCert Global Root CA in the spec.caCerts section
Example agentconfig.yaml file:

apiVersion: "installers.tmc.cloud.vmware.com/v1alpha1"
kind: "AgentConfig"
metadata:
  name: "tmc-agent-config"
  namespace: svc-tmc-cXX
spec:
  allowedHostNames: ['^.+\.tanzu\.broadcom\.com$']
  caCerts: |
    -----BEGIN CERTIFICATE-----
    <<Put DigiCert Global CA Root CA certificate contents here>>
    -----END CERTIFICATE-----

 

  • Apply the agentconfig.yaml file

kubectl apply -f agentconfig.yaml

 

 

  • Confirm the pods reconcile in your svc-tmc-cXX Namespace and the Supervisor cluster registers in TMC.  You can watch them reconcile with:

kubectl -n svc-tmc-cXX get pods -w

 

Powered by Wolken Software