Aria Orchestrator 8.18.1 with vSphere authentication enabled

The service account certificate has expired at the time of the call is being made. There is likely an issue concerning the trigger of the service account update and the token renewal being unsynchronized for a short period of time.

An entry like this is found in the /services-logs/prelude/vco-app/vco-server-app.log:

2025-08-19T17:13:58.939Z ERROR vco [host='vco-app-xxxxxxxxxx-xxxxx' thread='licenseComplianceScheduler-1' user='' org='' trace=''] {} com.vmware.vim.sso.client.impl.SoapBindingImpl - SOAP fault
com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: EndTime: Tue Aug 19 17:13:54 GMT 2025 is not after startTime: Tue Aug 19 17:13:58 GMT 2025 Please see the server log to find more detail regarding exact cause of the failure. 

Corresponding entries in the vCenter logs for the above call:

2025-08-19T17:13:58.909Z INFO sts[88:tomcat-http--50] [CorId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] [com.vmware.identity.sts.ws.handlers.SOAPHeadersExtractor] Found 1 
(clipped)
2025-08-19T17:13:58.928Z ERROR sts[88:tomcat-http--50] [CorId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] [com.vmware.identity.sts.ws.StsServiceImpl] java.lang.IllegalArgumentException: EndTime: Tue Aug 19 17:13:54 GMT 2025 is not after startTime: Tue Aug 19 17:13:58 GMT 2025\n\tat com.vmware.identity.util.TimePeriod. [com.vmware.identity.sts.ws.SOAPFaultHandler] Returning a SOAP Fault with code: ns0:RequestFailed and description: EndTime: Tue Aug 19 17:13:54 GMT 2025 is not after startTime: Tue Aug 19 17:13:58 GMT 2025 

Apply the following workaround to give more time for the account token synchronization to take place. Apply the following property in the vRO:

vracli vro properties set -k "com.vmware.o11n.sso.svcaccount.ephemeral-cert-lifetime-ms" -v "7776000000"