Autodeploy hosts are unable to boot after the upgrade of vCenter Server from version 7.0 Update 1 to 7.0 Update 2.
Article ID: 336295

Products

VMware vCenter Server

Issue/Introduction

  • Starting with vCenter version 7U2, the system explicitly enforces the use of the SHA-256 message digest algorithm (-md=sha256), which leads to decryption failures in certain configurations.
  • Autodeploy hosts fail to boot after a vCenter upgrade from 7.0 U1 to 7.0 U2.
  • On vCenter:
    /var/log/vmware/rbd/rbd-cgi.log

    YYYY-MM-DDTHH:MM:SS [3660]INFO:item_resolver:using rule -- 'vim.profile.host.HostProfile:HOST_PROFILE_NAME'

    YYYY-MM-DDTHH:MM:SS [3660]ERROR:miscutil:Error: Could not obfuscate string rc: 1
    error:b'bad decrypt\n140599571782400:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:563:\n'

Environment

VMware vCenter Server 7.0.x

Cause

The issue arises because vCenter 7U1 uses the SHA1 message digest algorithm (-md sha1), whereas beginning with vCenter 7U2 the platform mandates SHA-256 (-md sha256) for cryptographic operations.
This mismatch in digest algorithms results in decryption failures during the boot process.
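
The mismatch can be reproduced with the openssl command line. This is an added example, not VMware code. It assumes the `-md` option above is the passphrase-to-key digest of `openssl enc`; the cipher (AES-256-CBC), passphrase and secret are constructed for illustration.

```shell
#!/bin/sh
# Added example: digest mismatch between encrypt and decrypt with "openssl enc".
# Assumptions (not from the article): AES-256-CBC, and the constructed
# passphrase and secret below.
PASS='constructed-passphrase'
SECRET='constructed host profile secret'

# encrypt_with <digest>: print base64 ciphertext; the key is derived with <digest>
encrypt_with() {
    printf '%s' "$SECRET" |
        openssl enc -aes-256-cbc -a -A -salt -md "$1" -pass "pass:$PASS" 2>/dev/null
}

# decrypt_ok <digest> <ciphertext>: succeed only if openssl exits 0 AND the
# plaintext matches (a wrong key can pass the padding check by chance)
decrypt_ok() {
    out=$(printf '%s' "$2" |
        openssl enc -d -aes-256-cbc -a -A -md "$1" -pass "pass:$PASS" 2>/dev/null) || return 1
    [ "$out" = "$SECRET" ]
}

# find_digest <ciphertext>: report which of the two digests wrote the blob
find_digest() {
    for md in sha256 sha1; do
        if decrypt_ok "$md" "$1"; then echo "$md"; return 0; fi
    done
    echo unknown
    return 1
}

# Data written the pre-upgrade way (sha1), then read both ways
legacy=$(encrypt_with sha1)
decrypt_ok sha1 "$legacy" && echo "sha1 -> sha1: ok"
decrypt_ok sha256 "$legacy" || echo "sha1 -> sha256: bad decrypt"
echo "blob was written with: $(find_digest "$legacy")"
```

The passphrase and ciphertext are unchanged between the two reads; only the digest used to derive the key differs, which is enough to produce the `bad decrypt` error seen in rbd-cgi.log.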

Resolution

This is fixed in vCenter Server update 7u2c and later.

For a workaround, open a support request with Broadcom Support.