Symptoms:
In a KMS-encrypted vSAN cluster, the health check shows an error for the "certificate status" of the KMS cluster, but the trust and all checks on the individual KMS servers are green.
When you try to generate new encryption keys, you get the following error message in the vCenter vSphere Client:
"General vSAN error: There was an issue generating new KMS keys for the cluster."
The following actions do not resolve the issue:
- Restarting the vmware-sps and vmware-vsan-health services on vCenter
- Rebooting vCenter