Unable to resolve the vCenter Primary Network Identifier <FQDN> with the configured management DNS server(s) on control plane VM <VM name>. Validate that the management DNS servers <server name> can resolve <network name>.

• At least one management DNS server is reachable.

• At least one management DNS is statically supplied.

• The management DNS servers do not have any host name lookup for the vCenter Server PNID.

• The vCenter Server PNID is a domain name, not a static IP address.

• Add a host entry for the vCenter Server PNID to the management DNS servers.

• Verify the configured DNS servers are correct.

Unable to resolve the vCenter Primary Network Identifier <network name> with the DNS server(s) acquired via DHCP on the management network of the control plane VM <VM name>. Validate that the management DNS servers can resolve <network name>.

• The management DNS servers supplied by the DHCP server (at least one) are reachable.

• The management DNS servers are statically supplied.

• The management DNS servers do not have any host name lookup for the vCenter Server PNID.

• The management DNS servers do not have any host name lookup for the vCenter Server PNID.

• The vCenter Server PNID is a domain name, not a static IP address.

• Add a host entry for the vCenter Server PNID to the management DNS servers supplied by the configured DHCP server.

• Verify the DNS servers supplied by the DHCP server are correct.

Unable to resolve the host <host name> on control plane VM <VM name> , as there are no configured management DNS servers.

• The vCenter Server PNID is a domain name, not a static IP address.

• There are no DNS servers configured.

Configure a management DNS server.

Unable to resolve the host <host name> on control plane VM <VM name>. The hostname ends with the '.local' top level domain, which requires 'local' to be included in the management DNS search domains.

The vCenter Server PNID contains .local as a top-level domain (TLD), but the configured search domains do not includelocal.

Add local to the management DNS search domains.

Unable to connect to the management DNS servers <server name> from control plane VM <VM name>. The connection was attempted over the workload network.

• The management DNS servers are unable to be connected to vCenter Server.

• The provided worker_dns values wholly contain the provided management DNS values. This means that traffic is routed via the workload network, as the Supervisor must pick one network interface to direct static traffic to these IPs.

• Check the Workload Network to verify that it can route to the configured management DNS servers.

• Verify there are no conflicting IP addresses that might trigger alternate routing between the DNS servers and some other servers on the Workload Network.

• Verify the configured DNS server is, in fact, a DNS server, and is hosting its DNS port on port 53.

• Verify the workload DNS servers are configured to allow connections from the IPs of the control plane VMs (the Workload Network provided IPs).

• Verify that there are no typos in the management DNS servers' addresses.

• Verify search domains don't include an unnecessary '~' that could be resolving the host name incorrectly.

Unable to connect to the management DNS servers <server name> from the control plane VM <VM name>.

Unable to connect to the DNS servers.

• Check the management network to verify that routes to the management DNS servers exist.

• Verify there are no conflicting IP addresses that may trigger alternate routing between the DNS servers and other servers.

• Verify the configured DNS server is, in fact, a DNS server, and is hosting its DNS port on port 53.

• Verify the management DNS servers are configured to allow connections from the IPs of the control plane VMs.

• Verify that there are no typos in the management DNS servers' addresses.

• Verify that search domains do not include an unnecessary '~' that could be resolving the host name incorrectly.

Unable to connect to <component name> <component address> from control plane VM <vm name>. Error: error message text

• A generic network failure occurred.

• Error occurred while connecting to actual connecting to vCenter Server.

• Validate that the host name or IP address of the configured components, such as vCenter Server, HAProxy, NSX Manager, or NSX Advanced Load Balancer are correct.

• Validate any external network settings such as conflicting IPs, firewall rules, and others, on the management network.

The control plane VM <VM name> was unable to validate the vCenter <vCenter Server name> certificate. The vCenter server certificate is invalid.

The certificate provided byvCenter Server is in invalid format, and therefore is untrusted.

• Restart wcpsvc to verify that the Trusted Roots bundle in the control plane VMs are up-to-date with the latest vCenter Server root certificates.

• Verify that the vCenter Servercertificate is actually a valid certificate.

The control plane VM <VM name> does not trust the vCenter <vCenter Server name>certificate.

• The vmca.pem certificate presented by vCenter Server is different from what is configured to the control plane VMs.

• The trusted root certificates were replaced in the vCenter Server appliance, but wcpsvc wasn't restarted.

• Restart wcpsvc to verify that the Trusted Roots bundle in the control plane VMs are up-to-date with the latest vCenter Server certificate roots.

The control plane VM <VM name> was unable to validate the NSX Server<NSX server name> certificate. The thumbprint returned by the server <NSX-T address> doesn't match the expected client certificate thumbprint registered in vCenter <vCenter Server name>

The SSL thumbprints registered to the Supervisor don't match the SHA-1 hash of the certificate presented by the NSX manager.

• Re-enable trust on the NSX manager between NSX and thevCenter Server instance.

• Restart wcpsvc on vCenter Server.

Unable to connect to <component name> <component address> from control plane VM <vm name>. Error: error message text

A generic network failure occurred.

• Validate any external network settings,conflicting IPs, firewall rules, and others, on the management network for the NSX manager.

• Verify the NSX manager IP in the NSX extension is correct.

• Verify that the NSX manager is running.

The control plane VM <vm name> does not trust the load balancer's (<load balancer>- <load balancer endpoint>) certificate.

The certificate the load balancer presents is different from the certificate that is configured to the control plane VMs.

Verify that you have configured the correct Management TLS certificate to the load balancer.

The control plane VM <vm name> was unable to validate the load balancer's (<load balancer>- <load balancer endpoint> certificate. The certificate is invalid.

The certificate the load balancer presents is in an invalid format, or expired.

Correct the server certificate of the configured load balancer.

The control plane VM <vm name> was unable to authenticate to the load balancer (<load balancer>- <load balancer endpoint> with the username <user name> and the supplied password.

The user name or password of the load balancer are incorrect.

Verify the if the user name and password configured to the load balancer are correct.

An HTTP error occurred when attempting to connect to the load balancer (<load balancer>- <load balancer endpoint> from the control plane VM <vm name>.

The control plane VMs can connect to the load balancer endpoint, but the endpoint does not return a successful (200) http response

Verify that the load balancer is healthy and accepting requests.

Unable to connect to <load balancer> (<load balancer endpoint>) from control plane VM <vm name>. Error: <error text>

• A generic network failure occurred.

• Typically, it means the load balancer is not working, or some firewall blocks the connection.

• Validate that the load balancer endpoint is accessible

• Validate no firewalls are blocking the connection to the load balancer.