Unable to restart vCenter services after updating with custom SSL certificates

Article ID: 422031

Products

VMware vSphere ESXi

Issue/Introduction

  • When using vCert to renew the Machine SSL certificate with custom certificates, the certificate verification passes with OK and the services are updated
  • During the service restart, the following output is shown:

    -----------------------------------------------------------------
    Stopping VMware services                                       OK
    Starting VMware services                                   FAILED
    Operation failed: Unable to start all VMware services, check log for details

  • The last service that fails to start is the vmware-vapi-endpoint service
  • Reviewing vCenter - /var/log/vmware/vapi/endpoint/endpoint.log shows:

    Provided credentials are not valid

  • Reviewing vCenter - /var/log/vmware/sso/vmware-identity-sts.log shows:

    Solution user cert is not valid

Cause

The solution user certificates are expired.

Resolution

  1. Use the VDT to confirm that the solution user certificates are expired. For more information, refer to KB Using the VCF Diagnostic Tool for vSphere (VDT).
  2. Renew the expired solution user certificates with vCert:
    1. Launch vCert
    2. Acknowledge the prompt (y/n)
    3. Enter option 3 - Manage certificates
    4. Enter option 2 - Solution User certificates
    5. Enter the appropriate option at the next prompt.

      The prompt will display:

      Select Solution User Certificate Replacement Method
      -----------------------------------------------------------------
       1. Replace Solution User certificate with a VMCA-signed certificate
       2. Replace Solution User certificates with CA-signed certificates (not recommended)

    6. When prompted to restart services, enter y for yes
  3. Open a second SSH session to vCenter and watch the services start using the command:

    watch service-control --status --all
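
The check in step 1 can also be scripted. The following is an added example, not part of this KB and not a VMware tool: it parses the "Not After" line of the per-store text listing that vecs-cli prints on the appliance (assumed command: /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store <store> --text, with openssl-style date lines) and reports which solution user stores hold an expired certificate and how many days remain on the others. The store names, the vecs-cli path and the sample output embedded below are assumptions constructed for the example.

```python
"""Report expired or soon-to-expire vCenter solution user certificates.

Added example (not VMware code). Assumptions: the solution user stores are
named as in SOLUTION_USER_STORES, vecs-cli lives at VECS_CLI, and its
`entry list --store <store> --text` output carries an openssl-style
"Not After : <Mon> <day> <HH:MM:SS> <year> GMT" line.
"""
import re
import subprocess
from datetime import datetime, timezone

VECS_CLI = "/usr/lib/vmware-vmafd/bin/vecs-cli"  # assumed path on the appliance
SOLUTION_USER_STORES = ("machine", "vpxd", "vpxd-extension", "vsphere-webclient")

# Constructed sample of the listing, trimmed to the lines this script parses.
# Two stores are already expired relative to a reference date of 1 June 2025.
SAMPLE_VECS_OUTPUT = {
    "machine": "Alias : machine\n    Validity\n        Not Before: Jan  1 00:00:00 2024 GMT\n        Not After : Jan  1 00:00:00 2026 GMT\n",
    "vpxd": "Alias : vpxd\n    Validity\n        Not Before: Jan  1 00:00:00 2023 GMT\n        Not After : Jan  1 00:00:00 2025 GMT\n",
    "vpxd-extension": "Alias : vpxd-extension\n    Validity\n        Not Before: Mar  5 00:00:00 2023 GMT\n        Not After : Mar  5 00:00:00 2025 GMT\n",
    "vsphere-webclient": "Alias : vsphere-webclient\n    Validity\n        Not Before: Jan  1 00:00:00 2025 GMT\n        Not After : Jan  1 00:00:00 2027 GMT\n",
}

NOT_AFTER_RE = re.compile(r"Not After\s*:\s*(.+?)\s*$", re.MULTILINE)


def parse_not_after(vecs_text):
    """Return the certificate expiry from a vecs-cli text listing as a UTC datetime."""
    match = NOT_AFTER_RE.search(vecs_text)
    if not match:
        raise ValueError("no 'Not After' line found in vecs-cli output")
    # strptime collapses runs of whitespace, so "Jan  1" (openssl padding) parses fine
    expiry = datetime.strptime(match.group(1), "%b %d %H:%M:%S %Y %Z")
    return expiry.replace(tzinfo=timezone.utc)


def days_until_expiry(outputs, now=None):
    """Map each known store to whole days until its certificate expires (negative = expired)."""
    now = now or datetime.now(timezone.utc)
    return {
        store: (parse_not_after(text) - now).days
        for store, text in outputs.items()
        if store in SOLUTION_USER_STORES
    }


def expired_stores(outputs, now=None):
    """Return the solution user stores whose certificate is already expired."""
    return [store for store, days in days_until_expiry(outputs, now).items() if days < 0]


def collect_live_outputs(stores=SOLUTION_USER_STORES):
    """Run vecs-cli on the appliance itself to gather real listings (not used offline)."""
    outputs = {}
    for store in stores:
        result = subprocess.run(
            [VECS_CLI, "entry", "list", "--store", store, "--text"],
            capture_output=True, text=True, check=True,
        )
        outputs[store] = result.stdout
    return outputs


if __name__ == "__main__":
    # Offline run against the constructed sample; replace with collect_live_outputs()
    # when running on a vCenter appliance.
    reference = parse_not_after("Not After : Jun  1 00:00:00 2025 GMT")
    for store, days in sorted(days_until_expiry(SAMPLE_VECS_OUTPUT, reference).items()):
        state = "EXPIRED" if days < 0 else "valid"
        print(f"{store:<20} {state:<8} {days:>5} days")
```

An expired entry here matches the "Solution user cert is not valid" symptom in vmware-identity-sts.log; a small positive day count is the cue to renew with vCert before the next service restart fails.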