VMware Cloud on AWS

  • 1.  cname on VMC

    Posted Nov 09, 2023 03:38 PM

    I would like to put a CNAME in front of my VMC vCenter, but when I do so, I get the error

    [400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing metadata during vCenter Single Sign-On setup: the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias.


    There is a workaround for on-prem in a KB, but obviously I cannot make these changes to a VMC environment.

    https://kb.vmware.com/s/article/71387

    Any thoughts how to get past this?

    Thanks,

    -GB




  • 2.  RE: cname on VMC

    Broadcom Employee
    Posted Nov 20, 2023 01:12 PM

    Hi GB,

    To my knowledge (having designed and delivered several VMC on AWS projects), you can't manipulate the DNS entries for vCenter / NSX, as the service is managed by the VMware SRE team and hosted on AWS Route 53. I'm not aware of any customer who has been able to successfully use a CNAME or alias to resolve the IP address for these SDDC management systems. I believe that, due to the reverse DNS certificate check, you will have to use the designated FQDN for your SDDC.

    You can, however, change DNS resolution to Private IP, to resolve the FQDN to the internal IP address on the management network (traffic does not traverse the Internet for NSX and vCenter). You'd want to do this if using AWS Direct Connect / DXGW to route traffic internally between your on-premises datacenter and the SDDC.

    Regards,

    Greg D, VMware