After a convergence from vCenter Server with external Platform Services Controller to vCenter Server with embedded Platform Services Controller, the vCenter Server Key Management Server(s) Connection Status appears with the warning:

"Not connected (Trust not established. View Details)"

• VMware vCenter Server Appliance 6.5.x
• VMware vCenter Server Appliance 6.7.x

The Key Management Server(s) (KMS) trusted certificate is not retained during the convergence process.

Important: The broken trust relationship between vCenter Server and the Key Management Server(s) does not impact currently encrypted Virtual Machines.

This issue is resolved in :
vCenter Server 6.7 Update 2.
vCenter Server 6.5 Update 3.

Workaround:
Manually re-establish the trust relationship between vCenter Server and the Key Management Server(s). For more information see Establish a Trusted Connection by Exchanging Certificates.

1. Log in to the vSphere Web Client, and select a vCenter Server system.
2. Click Configure and select Key Management Servers.
3. Select the KMS instance with which you want to establish a trusted connection.
4. Click Establish trust with KMS.
5. Select the option appropriate for your server and complete the steps.