Accessing vCenter Server fails with error "[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server" due to expired solution user certificates



Article ID: 390983


Products

VMware vCenter Server 7.0

VMware vCenter Server 8.0

Issue/Introduction

  • Messages similar to the following appear when accessing the vCenter Server web client UI in a browser:

    [400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - java.lang.reflect.InvocationTargetException

    [400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - com.vmware.vcenter.apigw.api.sso.tokenmgmt.TokenException: Failed to acquire an API GW service-principal token.

  • Multiple services, including vmware-vpxd and vmware-sps, fail to start, and /var/log/vmware/vpxd/vpxd.log contains the following messages:

    AcquireToken exception: N9SsoClient27InvalidCredentialsExceptionE(Authentication failed: Invalid credentials)

  • One or more Solution User certificates are found to have expired when running the command below, as described in Verify and resolve expired vCenter Server certificates using the command line interface:

    for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
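The loop above only prints the dates, so the expired entries still have to be picked out by eye. The filter below is an added example, not part of the VMware article or VMware tooling: it reads the loop's output on stdin and labels each entry. The function names, the 30-day warning window and the sample dates are assumptions, and it relies on GNU `date`.

```shell
#!/bin/bash
# Added example (not VMware code). Labels each VECS entry EXPIRED / EXPIRING / OK
# and returns 1 if any entry is expired or its date cannot be parsed.
# Usage on the appliance: <loop from the article> | check_vecs_expiry 30
check_vecs_expiry() {
    local warn_days="${1:-30}" now="${2:-$(date -u +%s)}"   # $2: pinned epoch for tests
    local store="?" alias="?" line when epoch status rc=0
    while IFS= read -r line; do
        case "$line" in
            "[*] Store :"*)
                store="${line#*: }" ;;
            Alias*:*)
                alias="${line#*:}"
                alias="${alias#"${alias%%[![:space:]]*}"}" ;;   # trim leading blanks/tabs
            *"Not After"*:*)
                when="${line#*Not After}"; when="${when#*:}"
                when="${when#"${when%%[![:space:]]*}"}"
                if ! epoch=$(date -u -d "$when" +%s 2>/dev/null); then
                    status=UNPARSED; rc=1
                elif [ "$epoch" -le "$now" ]; then
                    status=EXPIRED; rc=1
                elif [ "$epoch" -le $(( now + warn_days * 86400 )) ]; then
                    status=EXPIRING
                else
                    status=OK
                fi
                printf '%-9s %s/%s (Not After: %s)\n' "$status" "$store" "$alias" "$when" ;;
        esac
    done
    return "$rc"
}

# Constructed sample in the format the loop prints; the dates are invented.
sample_vecs_output() {
    cat <<'EOF'
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
            Not After : Mar  3 10:00:00 2027 GMT
[*] Store : machine
Alias : machine
            Not After : Jan 10 08:15:00 2025 GMT
[*] Store : vsphere-webclient
Alias : vsphere-webclient
            Not After : Jun 30 08:15:00 2025 GMT
EOF
}

# Demo on the sample, with "now" pinned to 1750000000 (2025-06-15 UTC).
sample_vecs_output | check_vecs_expiry 30 1750000000 || true
```
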

Environment

VMware vCenter Server 7.x

VMware vCenter Server 8.x

Cause

Expired Solution User certificates on vCenter Server cause services to fail.

Resolution

Note: Take an appropriate snapshot of the vCenter Server VM, referring to Snapshot Best practices for vCenter Server Virtual Machines.

To resolve the issue, renew the vCenter Server Solution User certificates using the vCert script with VMCA as the certificate authority. Follow the detailed steps outlined in the VMware KB article: How to replace the vCenter Server Solution User certificates with VMCA issued certificate