VI Workload Domain deployment failing with error message "FAILED_TO_VALIDATE_VC_TRUSTED_ROOT_CERTIFICATE"

Article ID: 392039


Products

VMware SDDC Manager

Issue/Introduction

  • VI Workload Domain deployment fails with the error message:

    Failed to validate certificate is imported in vCenter <vCenter_FQDN> trusted root certificates. Failing certificate thumbprints [xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx]

  • SDDC Manager logs show errors similar to the following:

    {"name":"Import Trusted Root Certificates in vCenter Server","description":
    "Import Trusted Root Certificates in vCenter Server","status":"FAILED","creationTimestamp":"yyyy-mm-ddThh:mm:ss.Z","completionTimestamp":"yyyy-mm-ddThh:mm:ss.Z",
    "errors":[{"errorCode":"FAILED_TO_VALIDATE_VC_TRUSTED_ROOT_CERTIFICATE","errorType":"ERROR","arguments":
    ["<vCenter_FQDN>","[xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx]"],
    "message":"Failed to validate certificate is imported in vCenter <vCenter_FQDN> trusted root certificates. 
    Failing certificate thumbprints [xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx.xx]","causes":[],"referenceToken":"XXXXX"}]}

Environment

VMware SDDC Manager 4.x
VMware SDDC Manager 5.x

Cause

The Workload Domain workflow fails because SDDC Manager cannot establish a trusted connection with the vCenter to retrieve the VMware Endpoint Certificate Store (VECS) information needed for the deployment process.

Resolution

Add the missing vCenter root certificate to the SDDC Manager trust store to re-establish trust between both parties.

Once trust has been established between SDDC Manager and the vCenter, reattempt the failed workflow.

To perform the task, follow the steps from KB: How to import the vCenter Root Certificate into the SDDC manager TrustStore
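
Before importing anything, it helps to confirm which certificate the failing thumbprints actually refer to. The following is an added example, not part of the original KB or VMware tooling: it pulls the thumbprints out of the failed subtask JSON shown above and checks them against the certificates in a PEM bundle you have exported. It assumes the thumbprints are SHA-1 or SHA-256 fingerprints of the DER-encoded certificate with arbitrary separators; the sample task, the placeholder certificate bytes and vcenter.example.test are constructed for illustration.

```python
import base64, hashlib, json, re

ERROR_CODE = "FAILED_TO_VALIDATE_VC_TRUSTED_ROOT_CERTIFICATE"
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def normalize(thumbprint):
    """Drop separators (':', '.', spaces) and lowercase the hex digits."""
    return re.sub(r"[^0-9a-fA-F]", "", thumbprint).lower()

def failing_thumbprints(task_json):
    """Normalized thumbprints reported by the failed subtask."""
    found = set()
    for err in json.loads(task_json).get("errors", []):
        if err.get("errorCode") != ERROR_CODE:
            continue
        # arguments: [vCenter FQDN, "[tp1, tp2, ...]"], as in the log above
        for arg in err.get("arguments", [])[1:]:
            found.update(normalize(tp) for tp in arg.strip("[] ").split(","))
    found.discard("")
    return found

def fingerprints(pem_text):
    """Map SHA-1 and SHA-256 fingerprints to the index of each PEM certificate."""
    out = {}
    for i, body in enumerate(PEM_RE.findall(pem_text)):
        der = base64.b64decode("".join(body.split()))
        out[hashlib.sha1(der).hexdigest()] = i
        out[hashlib.sha256(der).hexdigest()] = i
    return out

def unmatched(task_json, pem_text):
    """Thumbprints from the log that no certificate in the bundle matches."""
    return failing_thumbprints(task_json) - set(fingerprints(pem_text))

# --- Constructed sample data (placeholder bytes, not real certificates) ---
def pem(der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def colon_hex(der):
    h = hashlib.sha1(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

ROOT_A, ROOT_B = b"constructed-root-A", b"constructed-root-B"
SAMPLE_TASK = json.dumps({"status": "FAILED", "errors": [{
    "errorCode": ERROR_CODE,
    "arguments": ["vcenter.example.test", f"[{colon_hex(ROOT_A)}, {colon_hex(ROOT_B)}]"]}]})
SAMPLE_BUNDLE = pem(ROOT_A)  # constructed bundle containing only root A

if __name__ == "__main__":
    print(sorted(unmatched(SAMPLE_TASK, SAMPLE_BUNDLE)))
```

An empty result means every failing thumbprint has a matching certificate in the bundle; any value returned identifies a certificate the bundle does not contain.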