dsohayda
Enthusiast

Moving to pfSense Destroyed homelab VCSA?

This is a vSphere 6.7 update 3 environment. VCSA is 6.7.0.44100 build 16275304. Hosts are 6.7.0 Update 3 build 16316930.

I recently swapped out my Edgerouter X for a pfSense appliance, and while everything seemed to come back online fine after the move my VCSA is having a bad time of it.

The host name and IP address of the VCSA has not changed.

Health status is all good in the VAMI, and SSO shows as running with the vsphere.local domain.

The VCSA is joined to my active directory domain run on two win2019 VMs on the same network.

DNS is set up on the pfSense box to point to both Windows domain controllers which have static A records created for the VCSA and other infrastructure pieces like the hosts and VMs.

I also have forwarders configured on each domain controller to point to a set of pi-holes for external resolution to Cloudflare.

Before making the router switch I shut everything down, VMs, hosts, switches, Synology, modem. I set up the new pfSense box, set up the reservations to give the same address to everything and brought them back online in reverse.

Now when logging into the VCSA both hosts show as not responding and all VMs show as disconnected. I try to connect the hosts but it fails before even trying to authenticate, saying, "The host may not be available on the network, a network configuration problem may exist, or the management services on this host may not be responding." However, I can connect directly to the hosts.

It seems clear that this is DNS related, but I can't imagine what is different as I feel like I set it up on pfSense the same as it was on the ERX.

VCSA backup also fails with the message, "Backup PNID 'vcsa.my.domain' is not resolved on the network. Configure the network DNS service accordingly."

Any ideas what I did here, and how I can get things back on track?

Thank you

Accepted Solution

Lalegre
Commander

All of this points to name resolution not working, but only from inside the VCSA. Did you update the DNS servers to point to the pfSense after making that change?

I have never used pfSense in such a way, but why wouldn't you use the domain controllers as the DNS servers configured on all the components?

scott28tt
VMware Employee

Moderator: Thread moved to the vCenter Server area.

dsohayda
Enthusiast

I was thinking the same thing as you and that was my intention, to have DNS handled by the domain controllers, but it looks like pfSense out of the box doesn't work the same way as the ERX.

The tyranny of the defaults!

By default, unless it's an upgraded pfSense system, DNS resolving is enabled with forwarding disabled. I needed that to be the reverse for my setup!

I disabled DNS Resolver and enabled DNS Forwarder on pfSense, as well as the DHCP registration option "Register DHCP leases in DNS forwarder" and the static DHCP option "Register DHCP static mappings in DNS forwarder."

Once I did this and performed some reboots things started flowing correctly and I was able to re-connect hosts to the VCSA etc.

Thank you for taking a look at my post and responding with your thoughts. Appreciate the time.
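The accepted answer's diagnosis (resolution failing from inside the VCSA) and the "Backup PNID ... is not resolved" error both come down to the same two checks: which nameservers the appliance is actually using, and whether the PNID and the ESXi host names resolve forward and reverse to the expected addresses. The script below is an added example, not code from the thread or from VMware; it audits those checks against an injectable resolver so it can run offline with constructed sample data, and it uses the system resolver (`socket.gethostbyname` / `socket.gethostbyaddr`) when run directly on the appliance. All host names, addresses and the resolv.conf content are constructed placeholders modelled on the thread's "vcsa.my.domain".

```python
"""Audit the DNS view a VCSA has of its own PNID and of the hosts it manages.

Added example for this thread: nothing here is the appliance's own tooling.
"""
import socket
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "error" or "warn"
    message: str


def parse_resolv_conf(text):
    """Return the nameserver IPs from resolv.conf-style text (comments ignored)."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("nameserver"):
            parts = line.split()
            if len(parts) >= 2:
                servers.append(parts[1])
    return servers


def audit_dns(pnid, expected_ip, resolv_text, intended_servers, hosts,
              resolve_a, resolve_ptr):
    """Check nameserver choice plus forward/reverse resolution of PNID and hosts.

    resolve_a(name) -> ip or None; resolve_ptr(ip) -> name or None.
    """
    findings = []
    servers = parse_resolv_conf(resolv_text)
    if not servers:
        findings.append(Finding("error", "no nameserver entries configured"))
    for s in servers:
        if s not in intended_servers:
            findings.append(Finding(
                "warn", f"nameserver {s} is not one of the intended DNS servers "
                        f"{sorted(intended_servers)}"))
    # The PNID must resolve exactly like any managed host, so audit it alongside them.
    names = {pnid: expected_ip, **hosts}
    for name, ip in names.items():
        got = resolve_a(name)
        if got is None:
            findings.append(Finding("error", f"{name} does not resolve (forward lookup failed)"))
            continue
        if got != ip:
            findings.append(Finding("error", f"{name} resolves to {got}, expected {ip}"))
        back = resolve_ptr(ip)
        if back is None:
            findings.append(Finding("warn", f"no PTR record for {ip} ({name})"))
        elif back.lower().rstrip(".") != name.lower():
            findings.append(Finding("warn", f"PTR for {ip} is {back}, not {name}"))
    return findings


# --- live resolvers, used when run on the appliance itself ---
def live_resolve_a(name):
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def live_resolve_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


# --- constructed sample data (hypothetical lab addressing, not from the thread) ---
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 192.168.1.1\nsearch my.domain\n"
INTENDED_DNS = {"192.168.1.10", "192.168.1.11"}  # the two domain controllers
PNID = "vcsa.my.domain"
PNID_IP = "192.168.1.20"
HOSTS = {"esx01.my.domain": "192.168.1.21", "esx02.my.domain": "192.168.1.22"}

BROKEN_A = {}  # a router that answers but forwards nothing for my.domain
FIXED_A = {PNID: PNID_IP, **HOSTS}
FIXED_PTR = {ip: name for name, ip in FIXED_A.items()}


def table_resolver(table):
    """Offline stand-in for a resolver: answers only from a dict."""
    return lambda key: table.get(key)


def run_sample(a_table, ptr_table, resolv_text=SAMPLE_RESOLV_CONF):
    return audit_dns(PNID, PNID_IP, resolv_text, INTENDED_DNS, HOSTS,
                     table_resolver(a_table), table_resolver(ptr_table))


if __name__ == "__main__":
    for label, result in (("before fix", run_sample(BROKEN_A, {})),
                          ("after fix", run_sample(FIXED_A, FIXED_PTR,
                                                   "nameserver 192.168.1.10\nnameserver 192.168.1.11\n"))):
        print(label, "->", [f"{f.severity}: {f.message}" for f in result] or ["clean"])
```

On a real appliance, replace the table resolvers with `live_resolve_a` / `live_resolve_ptr` and feed it the contents of `/etc/resolv.conf`; a forward failure on the PNID is exactly the condition the backup job reported in the thread, while a stray nameserver that is not one of the domain controllers is the pfSense-versus-ERX difference the accepted answer asked about.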