This was an issue I encountered recently. I had added a CMG but there were errors in the CMG Connection Analyzer.
I always advise my customers to secure the CMG using a public SSL certificate. This involves using an externally routable domain and creating a CNAME record to direct requests to the CMG (ghcmg.emslab.ie -> ghcmg.cloudapp.net for example, all the screenshots below are examples, not from the customer).
I had already configured the CNAME record with the domain hosting company and it could resolve externally. This is what it should look like. The DNS name should resolve but it doesn't matter that there is no ping response. That is normal.
However the CMG Connection Analyzer still failed with the error:
"Failed to connect to the CMG service. Unexpected response status code is NameResolutionError. For more information, see SmsAdminUI.log".
I carried out some troubleshooting and saw that the CNAME resolution did not work from the Primary Site server. At that point I realized that the customer was using split DNS. In a split DNS infrastructure, you create two zones for the same domain, one to be used by the internal network, the other used by the external network – typically users on the Internet. Split DNS directs internal hosts to an internal domain name server for name resolution and external hosts are directed to an external domain name server for name resolution.
The solution was to also add the CNAME record to the internal DNS zone.
Right click the zone and choose New Alias (CNAME).
Enter the details for the alias.
All was good for the CMG.
Until next time....