Auto Deploy rule management UI in vSphere Client is inaccessible with "Server has wrong SHA1 thumbprint"


Article ID: 336063


Products

VMware vCenter Server

Issue/Introduction

  • When trying to access Auto Deploy > Deploy Rules in the vSphere Client, only an error message is displayed, stating:

Managing rules is temporarily unavailable. Server has wrong SHA1 thumbprint <thumbprint> (required) != <other thumbprint> (server)




Environment

VMware vCenter Server 6.7.x

Cause

This can happen when the vCenter machine SSL certificate was recently replaced, but Auto Deploy (RBD) still uses the old certificate thumbprint.

Resolution

Before applying the steps below, ensure that you have a recent backup or offline snapshot of the vCenter Server Appliance. If the vCenter Server Appliance (VCSA) is in an Enhanced Linked Mode (ELM) replication configuration with other VCSAs, take offline snapshots of all ELM nodes.

To solve the issue, apply the following steps:

  1. Open an SSH connection to the VCSA and log in as root
  2. Run sqlite3 against the Auto Deploy database:
    # sqlite3 /var/lib/rbd/db
  3. Run the following query to output the information about the vCenter from the DB, including the current certificate thumbprint used by Auto Deploy:
    select * from vc_servers;
  4. Exit sqlite3 by running:
    .quit
  5. Now export the current machine SSL certificate from the vCenter Endpoint Certificate Store (VECS):
    # /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /tmp/machineSSL.crt
  6. Next, use OpenSSL to output the SHA1 fingerprint of the exported certificate:
    # openssl x509 -in /tmp/machineSSL.crt -noout -fingerprint
  7. Compare the fingerprint with the one seen in step 3. If they are different, continue with the next steps
  8. Stop the Auto Deploy service:
    # service-control --stop vmware-rbd-watchdog
  9. Connect sqlite3 with the Auto Deploy database:
    # sqlite3 /var/lib/rbd/db
  10. Update the thumbprint in the database:
    update vc_servers set thumbprint = "<thumbprint from step 6>";
  11. Exit sqlite3:
    .quit
  12. Restart the Auto Deploy service:
    # service-control --start vmware-rbd-watchdog
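
The read-only comparison in steps 2 to 7 can be scripted so that differences in formatting (prefix, colons, letter case) do not hide or fake a mismatch. The script below is an added example, not part of the original article or VMware tooling; the function names are hypothetical, the thumbprint column name is taken from step 10, and the format in which Auto Deploy stores the value is not assumed, so both sides are normalized before comparing.

```shell
#!/bin/sh
# Read-only pre-check for steps 2-7: compare the thumbprint Auto Deploy has
# stored with the current machine SSL certificate. Nothing is modified.
RBD_DB=/var/lib/rbd/db
VECS_CLI=/usr/lib/vmware-vmafd/bin/vecs-cli
CERT_OUT=/tmp/machineSSL.crt

# Reduce a fingerprint to bare uppercase hex: drops a "SHA1 Fingerprint="
# style prefix, colons, whitespace and case differences.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr 'a-f' 'A-F'
}

# 0 = same SHA1 fingerprint, 1 = different, 2 = first value is not 40 hex digits.
fp_match() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#a}" -eq 40 ] || return 2
    [ "$a" = "$b" ]
}

# Hypothetical wrapper: exports the certificate (step 5), fingerprints it
# (step 6) and checks every row of vc_servers (steps 3 and 7).
check_rbd_thumbprint() {
    "$VECS_CLI" entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT \
        --output "$CERT_OUT" || return 2
    current=$(openssl x509 -in "$CERT_OUT" -noout -fingerprint -sha1) || return 2
    rc=0
    for stored in $(sqlite3 "$RBD_DB" 'select thumbprint from vc_servers;'); do
        if fp_match "$current" "$stored"; then
            echo "match:    $stored"
        else
            echo "MISMATCH: stored=$stored current=$(normalize_fp "$current")"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample values (not from a real system): both formats compare equal.
fp_match 'SHA1 Fingerprint=0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:00:11:22:33' \
         '0a1b2c3d4e5f60718293a4b5c6d7e8f900112233' && echo "self-check ok"

# Only touch the appliance paths when they exist, i.e. when run on the VCSA.
if [ -r "$RBD_DB" ] && [ -x "$VECS_CLI" ]; then
    check_rbd_thumbprint
fi
```

A MISMATCH line corresponds to the condition in step 7; the update in steps 8 to 12 is still performed by hand.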
