Remote API calls calling for a token constantly show pop-up to accept a certificate from the authenticating domain controller when several domain controllers tie back to a single FQDN in the AD environment. This is also seen when a DC Load Balancer is used in the AD environment when linked to Aria Operations. 

Example of pop-up (certificate info censored for privacy reasons):

VMware Aria Operations 8.18.x

If the FQDN used in the Aria Operations Active Directory integration resolves to multiple IP addresses, it is required that the certs presented by each Domain Controller are imported into Aria Operations manually.

• NOTE: See AD/LDAP credentials do not always work in Aria Operations and the integration must be revalidated or refreshed to import the certificate for more details.

If using an AD Load Balancer: Import the CA's Root certificate to Aria Operations so that all IPs can be authenticated automatically through the certificate. 

• See Importing CA Certificates for more details.

If not using an AD Load Balancer: The certs presented by each Domain Controller are imported into Aria Operations manually. If this is not possible, Aria must be configured to contact a single Domain Controller instead.