BYOC Edge DNS resolution failing for Zendesk voice migration

I’ve spent hours trying to figure out why our bring-your-own-cloud edge setup is refusing to register with the Genesys Cloud control plane during the Zendesk voice migration. We are moving away from Zendesk Talk SIP trunks and trying to replicate that reliability in Genesys Cloud using our own AWS infrastructure in eu-west-1. The edge virtual appliance was deployed using the standard Terraform modules provided by Genesys, version 2.4.1.

The issue appears right at the handshake phase. The edge logs show a successful connection to the bootstrap service initially, but it then immediately drops when trying to resolve the tenant-specific edge endpoint. We are seeing repeated ‘connection refused’ errors on port 443 in the edge container logs. Specifically, the error message reads: ‘failed to resolve endpoint: dns_lookup_error for tenant-edge-eu1.genesys.cloud’.

We have verified that our AWS security groups allow outbound traffic on all required ports, including 443, 8443, and the UDP range for media. We even added an explicit allow rule for the Genesys Cloud eu1 CIDR blocks just to be safe, based on the migration guide. The issue persists even after restarting the edge pod.

Comparing this to Zendesk, the SIP trunk registration was straightforward with static IP whitelisting. In Genesys, the dynamic edge architecture seems much more complex. Is there a specific DNS configuration required in our VPC endpoint policy that we are missing? We are using the standard Amazon-provided DNS resolver. Could this be related to the way the edge certificate is being validated against the Okta SAML provider we set up in the previous migration step? Any insights on troubleshooting DNS resolution within the edge container namespace would be greatly appreciated. We are blocked on going live with the voice channels until this registers.
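The log lines quoted above mix two different failures (a DNS lookup error and a TCP ‘connection refused’), and the first thing to establish is which one is actually happening from inside the edge container's network namespace. The script below is an added diagnostic helper, not part of the original post or anything shipped by Genesys; it assumes `getent` (or `nslookup`), `nc` and `timeout` are available inside the container and uses the tenant hostname quoted in the post.

```shell
#!/bin/sh
# Added diagnostic helper, not from the original post or from Genesys.
# It separates "the name does not resolve" from "the name resolves but
# TCP/443 is refused or filtered", which are two different failures that
# the post's log lines mix together. Run it inside the edge container's
# network namespace (for example via `kubectl exec` or `nsenter -n`).
# Assumptions: `getent` (or `nslookup`), `nc` and `timeout` are on PATH;
# the hostname passed as the first argument is the one quoted in the post.

# List the nameservers a resolv.conf actually points at (glibc honours at most three).
resolvers() {
    awk '/^nameserver[[:space:]]/ { print $2 }' "$1"
}

# Return 0 if the system resolver can resolve the name, 1 otherwise.
resolves() {
    if command -v getent >/dev/null 2>&1; then
        getent hosts "$1" >/dev/null 2>&1
    else
        nslookup "$1" >/dev/null 2>&1
    fi
}

# Return 0 if a TCP connection to host:port opens within 5 seconds.
tcp_open() {
    timeout 5 nc -z -w 5 "$1" "$2" >/dev/null 2>&1
}

# Print one of DNS / TCP / OK for the given host and port.
classify() {
    if ! resolves "$1"; then
        echo "DNS"   # resolver problem: check resolv.conf, VPC DNS settings, Route 53 resolver rules
    elif ! tcp_open "$1" "$2"; then
        echo "TCP"   # name resolved; look at security groups, NACLs, egress proxy
    else
        echo "OK"
    fi
}

# When run directly with a hostname argument, report the resolvers in use and the verdict.
if [ $# -gt 0 ]; then
    host="$1"
    echo "resolvers in /etc/resolv.conf:"
    resolvers /etc/resolv.conf
    echo "verdict for $host:443: $(classify "$host" 443)"
fi
```

Run it as `sh edge-dns-check.sh tenant-edge-eu1.genesys.cloud` from a shell inside the edge container; a `DNS` verdict points at the resolver path (VPC DNS, resolv.conf inside the pod), while `TCP` means the name resolves and the block is on the network path.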