It appears that the new systemd-resolved method in UAG 3.8+ uses .local for multicast DNS exclusively. Fortunately there is a way to fix this issue. Edit /etc/systemd/resolved.conf and uncomment the Domains line and adding in your .local domain there.
See https://roderikdeblock.com/vmware-uag-not-using-dns/ for details.
There are two passwords to configure when deploying.