vCenter upgrade pre-check fails with 401 Unauthenticated error during Reduced Downtime Upgrade

Article ID: 424471


Products

VMware vCenter Server

Issue/Introduction

Cannot proceed with a vCenter Server upgrade when the pre-checks for Reduced Downtime Upgrade fail with a 401 Unauthenticated exception.

This issue typically occurs during the vCenter upgrade workflow when vSphere Lifecycle Manager (vLCM) is unable to authenticate requests. As a result, the upgrade pre-check process stops and does not allow the upgrade to continue.

The vLCM log file, located at /var/log/vmware/vlcm.log, shows the following error:

Failed to get VC client for authorization of com.vmware.vcenter.lcm.notifications.ndc.certificate.notify ... certificate signed by unknown authority.

Environment

VMware Cloud Foundation 9.0

Cause

This issue occurs when a certificate change operation on the vCenter Server fails specifically for the vSphere Lifecycle Manager (vLCM) service.

Due to the failed certificate update, the vLCM service is left in an inconsistent state and is unable to authenticate incoming requests, resulting in 401 Unauthenticated errors during the Reduced Downtime Upgrade pre-checks.

Resolution

Restart the vSphere Lifecycle Manager (vLCM) service on the affected vCenter Server to restore proper authentication and allow the upgrade pre-checks to complete successfully.

Steps to restart the vLCM service

  • Run the following command on the vCenter Server Appliance (VCSA):

service-control --restart vmware-vlcm

  • After restarting the service, re-run the vCenter Reduced Downtime Upgrade pre-checks.
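
A check to run before the restart, as an added example (not part of the original article or of VMware tooling): it counts lines in the vLCM log that contain both parts of the error quoted above and prints the restart command only when the signature is present. The function names and the sample log lines marked "constructed" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm the log signature from this article before restarting vLCM.
# Both strings are taken from the log excerpt quoted in the article.
SIG_PREFIX='Failed to get VC client for authorization'
SIG_CAUSE='certificate signed by unknown authority'

# Print the number of log lines that carry both parts of the signature.
# A missing or unreadable log counts as 0 matches.
count_vlcm_cert_failures() {
    log_file=$1
    [ -r "$log_file" ] || { echo 0; return 0; }
    # grep -c exits non-zero on 0 matches but still prints the count.
    grep -F -- "$SIG_PREFIX" "$log_file" | grep -cF -- "$SIG_CAUSE" || true
}

# Print "restart" when the signature is present, otherwise "investigate",
# because a 401 without this signature has some other cause.
vlcm_action() {
    n=$(count_vlcm_cert_failures "$1")
    if [ "$n" -gt 0 ]; then echo restart; else echo investigate; fi
}

# Write a small sample log for offline testing. Lines 1 and 3 are constructed;
# line 2 is the excerpt quoted in the article, elision included.
write_sample_log() {
    cat > "$1" <<'EOF'
constructed: vLCM service started
Failed to get VC client for authorization of com.vmware.vcenter.lcm.notifications.ndc.certificate.notify ... certificate signed by unknown authority.
constructed: Failed to get VC client for authorization of example.operation: connection refused
EOF
}

# On the appliance: inspect the real log (or a path passed as $1).
LOG=${1:-/var/log/vmware/vlcm.log}
if [ -r "$LOG" ]; then
    if [ "$(vlcm_action "$LOG")" = restart ]; then
        echo "Signature found in $LOG ($(count_vlcm_cert_failures "$LOG") lines)."
        echo "Run: service-control --restart vmware-vlcm"
    else
        echo "Signature not found in $LOG; the 401 may have a different cause."
    fi
fi
```
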