• When performing an upgrade or restarting services on a vCenter Server, you may observe the "Cis License Health Alarm" changing status from Gray to Yellow or Red. In the vSphere Client, the alarm indicates a health status change for the Datacenters entity.
• The following error patterns are observed in /var/log/vmware/cis-license/license.log: 

  ERROR vmware.identity.interop.ldap.OpenLdapClientLibrary Exception when calling ldap_search_s
  com.vmware.identity.interop.ldap.ServerDownLdapException: Can't contact LDAP server
  WARN license.common.ft.impl.RetryStrategyImpl Received error while executing operation getSiteId. 
  com.vmware.vim.vmomi.client.common.UnexpectedStatusCodeException: Unexpected status code: 503

This issue occurs because the CIS License Service requires a stable LDAP connection to the VMware Directory Service (vmdir) to validate licensing and site identity. If vmdir is stopped (common during upgrade cycles or service maintenance), the License Service fails its health check and stops, triggering the alarm.

If the alarm was triggered during a known maintenance window or upgrade:

1. Verify that all vCenter Server services have returned to a "Running" state after the maintenance.
2. Log in to the vSphere Client.
3. Navigate to the vCenter Server object where the alarm is visible.
4. Click on Monitor > Triggered Alarms.
5. Locate the Cis License Health Alarm, select it, and click Acknowledge and then Reset to Green.