To resolve this issue, replace the CA signed certificates on the vCenter Server Appliance with the certificates created with Subject Alternative Name of the vCenter Server Appliance FQDN and IP Address.
Running the show log manager follow command contains entries similar to:
2016-10-27 10:25:01.110 EDT ERROR TaskFrameworkExecutor-25 Worker:219 - BaseException thrown while executing task instance taskinstance-11261 com.vmware.vshield.vsm.sso.exceptions.RegistrationServiceInitializeException: core-services:4000:Initialization of Admin Registration Service Provider failed.:Error occurred while registration of lookup service, com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched.
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
To verify that the certificate has the correct values using the web browser: