• Navigating through Aria Operations UI > Operations > Configuration Drifts, the drift status check displays the error: "Drift check failed."

• /storage/log/vcops/log/adapter/configadapter/configadapter.log shows error SSLError('Fingerprints did not match')

[4349] 2025-05-13T05:11:02,160+0000 ERROR [TasksManager-AsyncNMPTaskThread--3] (10831) com.vmware.adapter3.vcf.unifiedconfig.client.vc.ConfigModuleClient.execute - Caught rest client exception while calling api https://######################/config-modules/api/vcenter/configuration/v1/scan-drifts: 500 Internal Server Error: "{"schema_version":"1.0-DRAFT","name":"Scan Drifts","timestamp":"2025-05-13T05:11:02.159592","description":"Exception fetching drifts.","status":"FAILED","errors":[{"timestamp":"2025-05-13T05:11:02.159592","source": {"server":"0.0.0.0","type":"ConfigModules","endpoint":"/config-modules/api/vcenter/configuration/v1/scan-drifts"} "error":{"message":"HTTPSConnectionPool(host='######################', port=443): Max retries exceeded with url: /rest/com/vmware/cis/session (Caused by SSLError('Fingerprints did not match. Expected \"######################\", got \"######################\"'))"}}],"target":{"hostname":"######################","type":"vcenter"}}"[4350] org.springframework.web.client.HttpServerErrorException$InternalServerError: 500 Internal Server Error: "{"schema_version":"1.0-DRAFT","name":"Scan Drifts","timestamp":"2025-05-13T05:11:02.159592","description":"Exception fetching drifts.","status":"FAILED","errors":[{"timestamp":"2025-05-13T05:11:02.159592","source":{"server":"0.0.0.0","type":"ConfigModules","endpoint":"/config-modules/api/vcenter/configuration/v1/scan-drifts"}

 Aria Operations 8.18.3

The issue was compounded by expired or unused certificates that remained in the certificate store within Aria Operations, which had not been cleaned up.

Note: This is a known issue and has been addressed in VCF 9.0.

Please follow the workaround mentioned below 

1. Identify vCenter Adapter Certificates

• • Go to Aria Operations UI → Diagnostic → Certificates
•  
  • Click on View Details
•  
  • Use the filter/search bar to find certificates associated with the affected vCenter
•  
  • Identify the certificate related to the vCenter adapter.

2. Remove Expired/Unused Certificates 

• • Navigate to Aria Operations UI → Administrator → Control Panel → Trusted Certificates

  • Use the search bar to locate the vCenter adapter certificate identified earlier

  • Select the certificate and click Delete

3. Validate Adapter Connection

• • Re-test the vCenter adapter connection using steps in the KB

  • Related KB Article: VMware Aria Operations Plugin Not Connecting
•  
  • Ensure the vCenter adapter is in OK state

4. Perform Configuration Drift Check

• • Go to Aria Operations UI → Operations → Configuration Drift
•  
  • Select the affected vCenter
•  
  • Click Detect Drift to run the check again