• You see a warning message in vSphere Client as "vSphere DRS functionality was impacted due to unhealthy state vSphere Cluster Services caused by the unavailability of vSphere Cluster Service VMs. vSphere Cluster Service VMs are required to maintain the health of vSphere DRS"
  
• Tried fixing unhealthy vCLS after fixing the vCenter extension thumbprint mismatch mentioned in "vSphere DRS functionality was impacted due to unhealthy state vSphere Cluster Services caused by the unavailability of vSphere Cluster Service VMs" alert in vSphere client UI and re-deploying the vCLS using retreat mode
• Once retreat mode was set back to system managed, new vCLS VMs started deploying; however, they are being automatically removed.
• vCLS VMs are stuck in a continuous loop of deployment and deletion.

Before proceeding with the steps below, take both a backup and a snapshot of the vCenter Server Appliance. If the vCenter is part of a Enhanced Linked Mode (ELM) replication setup, also take a backup or offline (powered off) snapshot of all replicating vCenter ELM nodes.

To resolve this issue,

Replace the solution users certificate using the new improved certificate management tool  vCert - Scripted vCenter Expired Certificate Replacement for all certificate management/replacement workflow. This tool helps to replace certificates with VMCA signed as well as custom CA signed certificates. 

1. Run the vCert script on your vCenter server.
2. Acknowledge the snapshot and risks warning.
3. Enter the administrator credentials. Select option 3 to manage certificates.
4. Select option 2 to replace solution user certificates.
5. Re-start all the vCenter services using the below command
   1. service-control --stop --all && service-control --start --all