VMware Aria Automation deployments fail with "Hard constraints cannot be matched" after vCenter Server certificate replacement

Article ID: 432133


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

You may observe that VMware Aria Automation is unable to execute deployments following a recent vCenter Server certificate replacement. In the VMware Aria Automation UI, the vCenter Cloud Account status reports a "Warning" state. When this occurs, provisioning requests fail with the following error message: "Hard constraints cannot be matched".

Additionally, the provisioning-service-app logs confirm the failure with the following entry:

Failed to validate resource, statusCode: 400, serverErrorId: <serverErrorId UUID>: Caused by java.security.cert.CertificateExpiredException: NotAfter: <Expired date>.
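To confirm that a "Hard constraints cannot be matched" failure has this cause, the log entry above can be searched for in exported provisioning-service-app logs. The following is an added example, not Broadcom's tooling; it assumes the NotAfter value is printed in Java's default `Date.toString()` form, and the sample lines, timestamps and UUIDs are constructed.

```python
import re
from datetime import datetime, timezone

# Matches the entry quoted in this article. The NotAfter value is assumed to be
# Java's default Date.toString() form, e.g. "Tue Jan 14 10:22:31 UTC 2025".
EXPIRED_RE = re.compile(
    r"Failed to validate resource, statusCode: (?P<status>\d+), "
    r"serverErrorId: (?P<error_id>[0-9a-fA-F-]{36}).*?"
    r"CertificateExpiredException: NotAfter: "
    r"(?P<not_after>\w{3} \w{3} +\d{1,2} [\d:]{8} \w+ \d{4})"
)

def parse_not_after(text):
    """Parse a Java Date.toString() value; only UTC/GMT zones are converted."""
    parts = text.split()
    if parts[4] not in ("UTC", "GMT"):
        return None  # other zone abbreviations are ambiguous, leave unparsed
    stamp = " ".join(parts[:4] + parts[5:])
    return datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

def find_expired_cert_errors(lines, now):
    """Return one finding per matching line, with whole days elapsed since NotAfter."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = EXPIRED_RE.search(line)
        if not m:
            continue
        expiry = parse_not_after(m["not_after"])
        findings.append({
            "line": lineno,
            "error_id": m["error_id"],
            "not_after": expiry,
            "days_expired": (now - expiry).days if expiry else None,
        })
    return findings

# Constructed sample lines: prefix, UUIDs and the second message are made up.
SAMPLE_LOG = [
    "2025-01-20T08:15:02Z ERROR Failed to validate resource, statusCode: 400, "
    "serverErrorId: 00000000-0000-4000-8000-000000000001: Caused by "
    "java.security.cert.CertificateExpiredException: NotAfter: Tue Jan 14 10:22:31 UTC 2025.",
    "2025-01-20T08:15:03Z ERROR Failed to validate resource, statusCode: 400, "
    "serverErrorId: 00000000-0000-4000-8000-000000000002: Caused by some other failure",
]

if __name__ == "__main__":
    for finding in find_expired_cert_errors(SAMPLE_LOG, datetime.now(timezone.utc)):
        print(finding)
```

A NotAfter date that matches the expiry of the replaced vCenter certificate indicates that the Cloud Account is still pinned to the old certificate.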

Environment

 

  • VMware Aria Automation 8.18.1

  • vCenter Server

 

Cause

This issue occurs because VMware Aria Automation is still utilizing the expired vCenter Server certificate. The newly replaced vCenter certificate does not automatically propagate to the Aria Automation Cloud Account, resulting in an untrusted connection state. The expired certificate prevents the provisioning service from authenticating with and validating resources against the vCenter endpoint, causing the hard constraints matching failure.

Resolution

To resolve this issue, you must update the Cloud Account certificate. Doing this updates the trusted certificate chain for the vCenter Cloud Account within the Aria Automation database, restores secure communication, and allows deployment constraints to resolve successfully.

  1. Execute the procedure to update the Cloud Account certificate using the VMware Aria Automation Orchestrator (vRO) workflow, as documented in Broadcom KB 318756: https://knowledge.broadcom.com/external/article?articleNumber=318756.

  2. Once the workflow is complete, verify in the Aria Automation UI that the Cloud Account status has transitioned back to "Ok".