Issue / Symptoms

Customers may observe that the Storage Profile Service (SPS) fails to start on the vCenter Server Appliance (VCSA).

When this occurs, one or more of the following symptoms may be observed:
SPS service is stopped and fails to start from the VAMI or command line
vCenter Server reports errors related to storage profiles
VM Storage Policy Based Management (SPBM) functionality is unavailable

In affected environments, this issue may be caused by a duplicate machine account or authentication-related condition.

VMware vCenter Server Appliance (VCSA) 7.x / 8.x

Duplicate vCenter Server machine accounts exist in the Single Sign-On vmdir database. One machine account is associated with the fully qualified domain name and another is associated with the vCenter IP address. This results in inconsistent identity resolution and TLS trust validation between internal vCenter services. Depending on how services connect during startup, authentication failures occur, leading to management service startup failures.

To resolve this issue, identify and correct the duplicate machine account condition affecting the SPS service:

1. Confirm that the Storage Profile Service (SPS) is failing to start on the VCSA using the VAMI or service-control commands.
2. Determine whether duplicate machine accounts exist for the vCenter Server by following the verification steps outlined in KB 326207 to identify duplicate machine account entries in the vmdir database. This includes validating machine account entries associated with both the vCenter FQDN and IP address.
3. Remove or correct the duplicate machine account condition by following the remediation procedure in KB 326207.
4. Restart the SPS service and validate that it starts successfully.

For detailed detection and remediation steps, see:

Broadcom Knowledge Base article 326207 — How to resolve duplicate machine account issues affecting vCenter services

This issue commonly presents with the vmware-sps service failing to start, appliance management and dcli commands returning internal server errors, and vCenter user interface access being unavailable or unstable. SSL trust validation may show the fully qualified domain name as valid while the IP address is missing. Certificate regeneration alone does not resolve this issue because the underlying problem is an identity inconsistency within vmdir rather than a certificate defect. This behavior is documented in Broadcom Knowledge Base article 326207 and is often introduced during restore, recovery, or configuration changes that inadvertently create duplicate machine identities.