No, you need both public keys.
So there is no way to truly create a multisig address/wallet without having all private keys involved (more so in the same place the generation of the multi-sig address is being created)?
No, that is not correct. You need all the PubKeys, not all the private keys, to create the multisig address.
As a side note, it would have been nice if Bitcoin had supported ECDSA PubKey recovery but it doesn't. That would have allowed creating multisig txs using the PubKeyHash instead and the PubKeyHash can be decoded from the address. It doesn't and likely never will, which makes creation of the multisig address involving multiple parties less user friendly. Most users don't know how to obtain a PubKey from their wallet (or even know there is such a thing as a PubKey or that it isn't the same thing as the PubKeyHash).
I guess I'm supposed to run the validateaddress command on both addresses to get the pubkey for both to create the multisig?
validateaddress only returns the PubKey if "isMine" is true so it is useful for a simplistic test but not very useful for a real world solution. If the keys are in multiple wallets then it would need to be run on each address which has the private key (and that assumes all parties are using bitcoin-core). For example if I was one of the signers in your multisig tx, you can't determine the PubKey for this address 1NbCxn5NnFF4y9EWzU3YZcJZGuYsoRN4HZ with the address alone because it has never been spent from and thus isn't publicly known.
Yes I misspoke. But as you can see I was able to figure out that I needed to run validateaddress on both addresses from different wallets to create the multisig address.
In essence to create the multisig you don't need the private keys to create the pubkey via the validateaddress command, but each party would need access to the private key of their address being used in the multisig creation to create pubkey for it. It is an indirect usage of the private keys to create the multisig addy.
This would be assuming all parties were using bitcoin-core, yes.
Yes I know I can't determine the PubKey for your address in that example. But in my simplistic test I used two separate wallets created from the satoshi client and it appears to work.
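The split discussed in this thread, as an added example (not code from any poster or from bitcoin-core): each signer derives a compressed PubKey locally from their own private key, and whoever assembles the multisig sees only the PubKeys. The function names are hypothetical and the private keys 1 and 2 are constructed toy values; the P2SH address itself is the Base58Check encoding of the HASH160 of this redeem script, which is left out here.

```python
# secp256k1 parameters (curve y^2 = x^3 + 7 over the field of size P).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def pubkey_from_private(d):
    """Run by each signer on their own machine; d never leaves it.
    Double-and-add is not constant time, so this is for illustration only."""
    if not 0 < d < N:
        raise ValueError("private key out of range")
    result, addend = None, G
    while d:
        if d & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        d >>= 1
    x, y = result
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")  # 02/03 prefix + X

def multisig_redeem_script(m, pubkeys):
    """Run by the coordinator: OP_m <pk>... OP_n OP_CHECKMULTISIG, PubKeys only."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 15:  # 15 compressed keys fit the 520-byte P2SH limit
        raise ValueError("need 1 <= m <= n <= 15")
    script = bytes([0x50 + m])
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (2, 3):
            raise ValueError("expected a 33-byte compressed PubKey")
        script += bytes([len(pk)]) + pk
    return script + bytes([0x50 + n, 0xAE])

# Constructed toy private keys; each party shares only the resulting PubKey.
shared_pubkeys = [pubkey_from_private(1), pubkey_from_private(2)]
redeem_script = multisig_redeem_script(2, shared_pubkeys)
```
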