vSAN1

Deployed vSphere Snapshot Service Appliance but the firstboot.sh setup fails and snap-in's do not deploy.
It's appearing to be a network issue on the appliance, I cannot ping the appliance IP but the appliance can ping out by IP only (name resolution fails).
Here is the /etc/systemd/network/10-eth0.network config:
[Match]

Name=eth0

[Network]

Address=10.13.14.29/24

Gateway=10.13.24.1

DNS=10.13.22.101 10.13.22.102

When I run resolvectl, it returns ...
Current DNS Server: 10.13.22.101
DNS Servers: 10.13.22.101 10.13.22.102

When ping out the vCenter FQDN I receive the following error:
;; communication error to 127.0.0.53#53: timed out

Server: 127.0.0.53

Address: 127.0.0.53#53


The appliance can ping everything by IP (vCenter, DNS servers)

/Thanks

Tim Seery

As a workaround, added vCenter and servers in the vSAN to the /etc/hosts.

The appliance is not pingable (believe it may by design) is available by HTTPS (NGINX).  

Original Message:
Sent: May 08, 2025 03:27 PM
From: Tim Seery
Subject: vSAN Snapshot Service Appliance Deployment Failure

Deployed vSphere Snapshot Service Appliance but the firstboot.sh setup fails and snap-in's do not deploy.
It's appearing to be a network issue on the appliance, I cannot ping the appliance IP but the appliance can ping out by IP only (name resolution fails).
Here is the /etc/systemd/network/10-eth0.network config:
[Match]

Name=eth0

[Network]

Address=10.13.14.29/24

Gateway=10.13.24.1

DNS=10.13.22.101 10.13.22.102

When I run resolvectl, it returns ...
Current DNS Server: 10.13.22.101
DNS Servers: 10.13.22.101 10.13.22.102

When ping out the vCenter FQDN I receive the following error:
;; communication error to 127.0.0.53#53: timed out

Server: 127.0.0.53

Address: 127.0.0.53#53


The appliance can ping everything by IP (vCenter, DNS servers)

/Thanks

Tim Seery

So did it solve the issue for you?

Original Message:
Sent: May 12, 2025 11:38 AM
From: Tim Seery
Subject: vSAN Snapshot Service Appliance Deployment Failure

As a workaround, added vCenter and servers in the vSAN to the /etc/hosts.

The appliance is not pingable (believe it may by design) is available by HTTPS (NGINX).  

Original Message:
Sent: May 08, 2025 03:27 PM
From: Tim Seery
Subject: vSAN Snapshot Service Appliance Deployment Failure

Deployed vSphere Snapshot Service Appliance but the firstboot.sh setup fails and snap-in's do not deploy.
It's appearing to be a network issue on the appliance, I cannot ping the appliance IP but the appliance can ping out by IP only (name resolution fails).
Here is the /etc/systemd/network/10-eth0.network config:
[Match]

Name=eth0

[Network]

Address=10.13.14.29/24

Gateway=10.13.24.1

DNS=10.13.22.101 10.13.22.102

When I run resolvectl, it returns ...
Current DNS Server: 10.13.22.101
DNS Servers: 10.13.22.101 10.13.22.102

When ping out the vCenter FQDN I receive the following error:
;; communication error to 127.0.0.53#53: timed out

Server: 127.0.0.53

Address: 127.0.0.53#53


The appliance can ping everything by IP (vCenter, DNS servers)

/Thanks

Tim Seery

The appliance can now communicate with vCenter but cannot Authenticate )based on what I'm reading in the /var/log/vmware/snapservice/snap-service.log). 

Re-deployed verifying the Administrator@vsphere.local password is valid with the same result (certificate looks good). 

Original Message:
Sent: May 13, 2025 07:38 AM
From: Duncan Epping
Subject: vSAN Snapshot Service Appliance Deployment Failure

So did it solve the issue for you?

Original Message:
Sent: May 12, 2025 11:38 AM
From: Tim Seery
Subject: vSAN Snapshot Service Appliance Deployment Failure

As a workaround, added vCenter and servers in the vSAN to the /etc/hosts.

The appliance is not pingable (believe it may by design) is available by HTTPS (NGINX).  

Original Message:
Sent: May 08, 2025 03:27 PM
From: Tim Seery
Subject: vSAN Snapshot Service Appliance Deployment Failure

Deployed vSphere Snapshot Service Appliance but the firstboot.sh setup fails and snap-in's do not deploy.
It's appearing to be a network issue on the appliance, I cannot ping the appliance IP but the appliance can ping out by IP only (name resolution fails).
Here is the /etc/systemd/network/10-eth0.network config:
[Match]

Name=eth0

[Network]

Address=10.13.14.29/24

Gateway=10.13.24.1

DNS=10.13.22.101 10.13.22.102

When I run resolvectl, it returns ...
Current DNS Server: 10.13.22.101
DNS Servers: 10.13.22.101 10.13.22.102

When ping out the vCenter FQDN I receive the following error:
;; communication error to 127.0.0.53#53: timed out

Server: 127.0.0.53

Address: 127.0.0.53#53


The appliance can ping everything by IP (vCenter, DNS servers)

/Thanks

Tim Seery

Found a final fix for the DNS resolution issue using the dig command.

[seery@mynetwork.local ~]$ dig ws.sample.local

; <<>> DiG 9.16.12 <<>> ws.sample.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59557
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ws.sample.local.           IN      A

;; ANSWER SECTION:
ws.sample.local.    3600    IN      A       10.30.1.1

;; Query time: 370 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Sun Feb 21 13:53:40 CET 2021
;; MSG SIZE  rcvd: 64

.local address use /etc/resolv.conf instead of /run/systemd/resolve/resolv.conf

Replace /etc/resolv.conf file with symbolic link /run/systemd/resolve/resolv.conf

sudo rm -f /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

With DNS issue resolved, needed to re-run the first boot configuration script:

sudo chmod +x /etc/vmware/cap/cap-firstboot.sh
/etc/vmware/cap/cap-firstboot.sh

vCenter authentication issue fixed, Data Protection snap-in deployed!

VMware support didn't try to help me resolve the problem, assuming items such as the Snapshot appliance are community supported.

Shout out to Daniel Stadelmann, Hareesh K G and Yellow Bricks!

Original Message:
Sent: May 14, 2025 12:02 PM
From: Tim Seery
Subject: vSAN Snapshot Service Appliance Deployment Failure

The appliance can now communicate with vCenter but cannot Authenticate )based on what I'm reading in the /var/log/vmware/snapservice/snap-service.log). 

Re-deployed verifying the Administrator@vsphere.local password is valid with the same result (certificate looks good). 

Original Message:
Sent: May 13, 2025 07:38 AM
From: Duncan Epping
Subject: vSAN Snapshot Service Appliance Deployment Failure

So did it solve the issue for you?

Original Message:
Sent: May 12, 2025 11:38 AM
From: Tim Seery
Subject: vSAN Snapshot Service Appliance Deployment Failure

As a workaround, added vCenter and servers in the vSAN to the /etc/hosts.

The appliance is not pingable (believe it may by design) is available by HTTPS (NGINX).  

Original Message:
Sent: May 08, 2025 03:27 PM
From: Tim Seery
Subject: vSAN Snapshot Service Appliance Deployment Failure

Deployed vSphere Snapshot Service Appliance but the firstboot.sh setup fails and snap-in's do not deploy.
It's appearing to be a network issue on the appliance, I cannot ping the appliance IP but the appliance can ping out by IP only (name resolution fails).
Here is the /etc/systemd/network/10-eth0.network config:
[Match]

Name=eth0

[Network]

Address=10.13.14.29/24

Gateway=10.13.24.1

DNS=10.13.22.101 10.13.22.102

When I run resolvectl, it returns ...
Current DNS Server: 10.13.22.101
DNS Servers: 10.13.22.101 10.13.22.102

When ping out the vCenter FQDN I receive the following error:
;; communication error to 127.0.0.53#53: timed out

Server: 127.0.0.53

Address: 127.0.0.53#53


The appliance can ping everything by IP (vCenter, DNS servers)

/Thanks

Tim Seery