VMware UAG not using DNS

This is a small blog post on solving a DNS issue with the VMware Unified Access Gateway version 3.7 and above when using  a .local domain.

At one of our costumers I was asked to upgrade their VMware Unified Access Gateways from version 3.5 to 3.8. Usually this is an quick and easy task. But this time I ran into an issue. I was unable to setup RSA authentication on the Unified Access Gateways. The RSA applicances of this customer are part of a .local domain.

I deployed the OVA,  exported and imported the JSON and then I checked the admin interface. This shows that RSA authentication is not configured. After this I tried to setup the RSA configuration manually but it showed on error “unable to save configuration”. This message says nothing to me, so I had to troubleshoot this issue. In the documentation of the UAG’s I found that are is an authbroker.log logfile on the applicance. This file contains log messages from the AuthBroker process, which handles Radius and RSA SecurID authentication. Authbroker.log is located at /opt/vmware/gateway/logs.

The log shows that the service is unable to resolve the names of the RSA appliances. After searching the internet for this issue I found the following article:


It appears that the new systemd-resolved method uses .local for multicast DNS exclusively. Fortunately there is a way to fix this issue. Edit /etc/systemd/resolved.conf  and uncomment the domains line and adding in your .local domain  to the domains there.

At last I rebooted the appliance and was able to configure RSA on the UAG’s.

Roderik de Block










  1. Long time reader, first time commenter — so, thought I’d drop a comment..
    — and at the same time ask for a favor.

    Your wordpress site is very simplistic – hope you don’t
    mind me asking what theme you’re using? (and don’t mind if I steal
    it? :P)

    I just launched my small businesses site –also built in wordpress like yours–
    but the theme slows (!) the site down quite a bit.

    In case you have a minute, you can find it by searching for “royal cbd” on Google (would appreciate any feedback)

    Keep up the good work– and take care of yourself during the coronavirus scare!


Leave a Reply

Your email address will not be published. Required fields are marked *