HCX - Unable to register vCenter SSO

Article ID: 369288

Updated On:

Products

VMware HCX, VMware vCenter Server

Issue/Introduction

  • On the HCX admin page (port 9443), under Configuration -> SSO, the SSO registration fails with the following error:
    "Lookup service is not reachable at https://<FQDN-or-ip>. Please enter a valid SSO url - https://<domain|ip>"

  • vCenter registration is unaffected on the HCX admin 9443 page.
  • The following error is logged on the HCX Manager in /common/logs/appliance-management/appliance-management.log: "Cannot load STS signer certificate."

    2024-03-27 07:49:51.148 UTC [https-jsse-nio-9443-exec-7, , ] ERROR c.v.h.a.c.LookupServiceConfigValidator- Cannot load STS signer certificate from https://<FQDN-or-ip>:7444/sso-adminserver/sdk/vsphere.local
    2024-03-27 07:49:51.149 UTC [https-jsse-nio-9443-exec-7, , ] WARN  c.v.h.a.c.LookupServiceConfigValidator- Cannot access lookup service at https://<FQDN-or-ip>:443/lookupservice/sdk
    java.lang.Exception: Cannot load STS signer certificate from https://<FQDN-or-ip>:7444/sso-adminserver/sdk/vsphere.local

  • Accessing the HCX plugin from vCenter produces the following error in vSphere Client:
    Http failure response for https://<FQDN-or-IP>/plugins/com.vmware.hcx.plugin~4.#.#.#####~-927095797/#.#.#.#-443/vsphere-client/ui/hcx/hcx-ui/rest/hybridity/api/sessions: 401 OK
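
For triage, the log signature above can be matched programmatically. This is an added example (not VMware code and not part of the original article) that scans appliance-management.log text for the two LookupServiceConfigValidator messages and reports which vCenter endpoint HCX could not validate; the host vc.example.test and the sample lines are constructed, and reading the last URL path segment as the SSO domain is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the log format shown above; vc.example.test is a placeholder host.
SAMPLE_LOG = """\
2024-03-27 07:49:51.148 UTC [https-jsse-nio-9443-exec-7, , ] ERROR c.v.h.a.c.LookupServiceConfigValidator- Cannot load STS signer certificate from https://vc.example.test:7444/sso-adminserver/sdk/vsphere.local
2024-03-27 07:49:51.149 UTC [https-jsse-nio-9443-exec-7, , ] WARN  c.v.h.a.c.LookupServiceConfigValidator- Cannot access lookup service at https://vc.example.test:443/lookupservice/sdk
java.lang.Exception: Cannot load STS signer certificate from https://vc.example.test:7444/sso-adminserver/sdk/vsphere.local
2024-03-27 07:50:02.001 UTC [https-jsse-nio-9443-exec-2, , ] INFO  c.v.h.a.c.OtherComponent- unrelated line
"""

# timestamp, [thread, ...], level, logger, message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) UTC "
    r"\[(?P<thread>[^,\]]+),[^\]]*\]\s+(?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+?)-\s(?P<msg>.*)$"
)
STS_MSG = "Cannot load STS signer certificate from "
LS_MSG = "Cannot access lookup service at "

def find_sso_failures(log_text):
    """Return one event per failed SSO registration attempt found in the log."""
    events, open_by_thread = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:  # stack-trace lines carry no timestamp; skip to avoid double counting
            continue
        msg, thread = m["msg"], m["thread"]
        if msg.startswith(STS_MSG):
            url = urlsplit(msg[len(STS_MSG):].strip())
            event = {
                "time": m["ts"], "thread": thread,
                "host": url.hostname, "sts_port": url.port,
                "sso_domain": url.path.rsplit("/", 1)[-1],  # assumption: last segment
                "lookup_url": None,
            }
            events.append(event)
            open_by_thread[thread] = event
        elif msg.startswith(LS_MSG) and thread in open_by_thread:
            # The WARN line that follows on the same thread belongs to the same attempt.
            open_by_thread.pop(thread)["lookup_url"] = msg[len(LS_MSG):].strip()
    return events

if __name__ == "__main__":
    for e in find_sso_failures(SAMPLE_LOG):
        print(f'{e["time"]} STS cert load failed for {e["host"]}:{e["sts_port"]} '
              f'(domain {e["sso_domain"]}); lookup service: {e["lookup_url"]}')
```

Each reported host is the vCenter whose STS trust should be checked with lsdoctor as described in the Resolution section.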

Environment

HCX
vCenter

Cause

This issue is related to the vCenter Security Token Service (STS).
It typically occurs due to an SSL trust mismatch on the vCenter side.

Resolution

Please use the lsdoctor script, available in the article "Using 'lsdoctor' Tool".

Ensure you take backups and snapshots of vCenter before running the lsdoctor tool.
For more information on vCenter snapshots, see "VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice".

  1. python lsdoctor.py -l : checks for SSL trust mismatch and stale configurations in vCenter upgraded from 5.x.
  2. python lsdoctor.py -t : fixes SSL trust issues.

    Note: If you find stale legacy endpoints after running python lsdoctor.py -l, run python lsdoctor.py -s to clean up any stale configurations left over from a vCenter system upgraded from 5.x.

Register the SSO again with HCX.

Additional Information

Please get in touch with the vCenter Support Team for any queries or issues on the lsdoctor tool.

Useful links: