VMware UAG not using DNS

This is a small blog post on solving a DNS issue with the VMware Unified Access Gateway version 3.7 and above when using a .local domain.

At one of our customers I was asked to upgrade their VMware Unified Access Gateways from version 3.5 to 3.8. Usually this is a quick and easy task, but this time I ran into an issue: I was unable to set up RSA authentication on the Unified Access Gateways. The RSA appliances of this customer are part of a .local domain.

I deployed the OVA, exported and imported the JSON, and then checked the admin interface. This showed that RSA authentication was not configured. After this I tried to set up the RSA configuration manually, but it showed an error: “unable to save configuration”. This message told me nothing, so I had to troubleshoot the issue. In the documentation of the UAGs I found that there is an authbroker.log log file on the appliance. This file contains log messages from the AuthBroker process, which handles RADIUS and RSA SecurID authentication. Authbroker.log is located at /opt/vmware/gateway/logs.

The log shows that the service is unable to resolve the names of the RSA appliances. After searching the internet for this issue I found the following article:

https://www.reddit.com/r/vmware/comments/e30k2p/horizon_uag_37_not_using_configured_dns/

It appears that the new systemd-resolved method uses .local for multicast DNS exclusively. Fortunately there is a way to fix this issue: edit /etc/systemd/resolved.conf, uncomment the Domains line, and add your .local domain to the domains listed there.

Finally, I rebooted the appliance and was able to configure RSA on the UAGs.
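One way to script the resolved.conf edit described above, as an added example that is not from the original post: a shell function that activates the Domains= line and adds a domain exactly once, keeping a backup of the file. The domain `corp.local` and the helper name `add_resolved_domain` are assumptions; the reboot step from the post still follows.

```sh
#!/bin/sh
# Added example, not from the original post. corp.local is a placeholder
# domain and add_resolved_domain is a hypothetical helper name.

# Usage: add_resolved_domain /etc/systemd/resolved.conf corp.local
# Activates the Domains= line and adds the domain once; keeps a .bak copy.
add_resolved_domain() {
    conf="$1"; domain="$2"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp="$(mktemp)" || return 1

    awk -v d="$domain" '
        # First Domains= line, commented out or not, becomes the active one.
        /^#?[ \t]*Domains=/ && !fixed {
            sub(/^#?[ \t]*Domains=/, "")
            n = split($0, cur, " ")      # existing whitespace-separated entries
            out = ""; seen = 0
            for (i = 1; i <= n; i++) {
                if (cur[i] == d) seen = 1
                sep = (out == "") ? "" : " "
                out = out sep cur[i]
            }
            sep = (out == "") ? "" : " "
            if (!seen) out = out sep d
            print "Domains=" out
            fixed = 1
            next
        }
        { print }
        # No Domains= line at all: append one ([Resolve] is the only section).
        END { if (!fixed) print "Domains=" d }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Back up the original, then overwrite in place to keep owner and mode.
    if cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Run only when called with both arguments, e.g. as root on the appliance.
if [ "$#" -eq 2 ]; then
    add_resolved_domain "$1" "$2"
fi
```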

Roderik de Block