Users are unable to configure the vSphere replication adapter instance in Aria Operations after setting up the vSphere Replication appliance. When you attempt to validate the connection using the vCenter Server credentials, the connection fails with the error:

"Failed to authenticate to HMS server"

The failure is observed in two distinct ways:

• After setting up the Replication Adapter, the connection fails validation.
• When clicking to accept the certificate during test validation, the result shows a "null" error.

Synonyms observed from customer cases:

• Error "Failed to authenticate to HSM server" during test validation
• Replication adapter validation fails
• Cannot collect vSphere Replication inventory and metrics

This prevents the collection of vSphere Replication inventory and metrics.

• Aria Operations 8.18.x
• vSphere Replication 9.0.x

The immediate cause of the failure is that the Aria Operations adapter cannot establish a trusted SSL connection with the vSphere Replication (VR) Hybrid Migration Service (HMS) endpoint on vCenter Server.

The adapter expects the vCenter Server's full certificate chain but encounters a certificate validation exception when the embedded vCenter Server Platform Services Controller (PSC) uses its internal self-signed certificate for the HMS service on port 8043, instead of the third-party CA certificate presented to the Aria Operations adapter.

You can identify this cause by reviewing the collector log, which records the following exception during the connection attempt:

2025-11-26T00:04:27,037+0000 ERROR [Collector worker thread 11] com.vmware.vr.vrops.VrAdapter.createAuthenticatedVcFactory - error: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured

This confirms the service on port 8043 is presenting a certificate that is not trusted by the adapter, leading to the authentication failure and the subsequent "null" error during certificate acceptance.

To resolve this issue, manually import the Root CA Certificate into the Aria Operations Truststore.

1. SSH into the Aria Operations Primary node as root.

2. Perform the following command to retrieve certificate details. Replace <vSphere_Replication_FQDN> with the appropriate hostname:

   openssl s_client -connect <vSphere_Replication_FQDN>:443
   

3. From the result, locate the Root CA.

   • If the Root CA is displayed, save it as a root.pem file.

   • If the Root CA is not explicitly shown, save the result content as cert.txt, then run the following command to extract the Root CA:

     openssl x509 -in cert.txt -text -noout
     

   • Save the extracted Root CA certificate as a root.pem file.

4. Log in to the Aria Operations user interface.

5. Navigate to Administration > Control Panel > Trusted Certificates.

6. Click Import and select the root.pem file created in the previous steps.

7. Return to the adapter configuration and click Test Connection to confirm the adapter connects successfully.