Symptoms:

1. When we login to remote site vcenter within SRM UI, an error is displayed:

"Failed trying to retrieve token: ns0:RequestFailed: EndTime: Thu Nov 14 11:16:07 CST 2019 is not after startTime: Thu Jan 09 15:36:50 CST 2020". The date is probably different.

2. SRM UI displays the error below when trying to pair sites: 

ERROR
Operation Failed
SRM server 'example' cannot complete a pair operation. The received single sign-on token is valid from '2024-03-15 14:35:18.862' to '2024-03-15 22:35:18.862'. It is currently '2024-03-15 14:34:07.285'. The tolerance is 30000 milliseconds.
Operation ID: 32662462-####-####-####-##########1e
3/15/24, 9:35:19 PM +0700

3. From vCenter, vmware-identity-sts.log on remote vCenter, below log messages can be seen:

[2020-01-09T15:36:50.531+08:00 tomcat-http--43 vsphere.prd 8ac53787-####-####-####-##########47 DEBUG com.vmware.identity.sts.impl.HoKConditionsAnalyzer] Found HoK certificate [
[
  Version: V1
  Subject: OU=Site Recovery Manager client, O=VMware vSphere Client, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.#.###.######.#.#.##

  Key: Sun RSA public key, 2048 bits
  modulus: #############
  public exponent: 65537
  Validity: [From: Tue Nov 14 11:16:07 CST 2017,
               To: Thu Nov 14 11:16:07 CST 2019]
  Issuer: OU=Site Recovery Manager client, O=VMware vSphere Client, C=US
  SerialNumber: [ ######## ####]

]

4. From /var/opt/apache-tomcat/logs/dr.log:

2020-01-09 07:36:50,592 [srm-reactive-thread-12] INFO  com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor 30ba2fc4-####-####-####-#########45 pairLogin - Failed trying to retrieve token: ns0:RequestFailed: EndTime: Thu Nov 14 11:16:07 CST 2019 is not after startTime: Thu Jan 09 15:36:50 CST 2020

5. Time synchronization looks good on vCenter/SRM/VR.

6. Restarting vCenter, SRM or vSphere Replication won't help.