While applying the custom certificate operation after a PNID change, the error ‘Failed to notify APPLMGMT’ occurrs.

The following messages are seen in the certificatemanagement-svcs.log file:

2024-09-03T15:11:38.958Z [tomcat-exec-5 [] WARN  com.vmware.certificatemanagement.vapi.util.TokenExchangeUtil  opId=] Ignoring error. Failed on session delete...
2024-09-03T15:11:38.964Z [tomcat-exec-5 [] ERROR com.vmware.certificatemanagement.notifications.services.PrioritizedNotificationService  opId=] Failed to notify APPLMGMT on http://localhost:1080/api/appliance/certificates/notification, retrying again.
2024-09-03T15:11:41.964Z [tomcat-exec-5 [] ERROR com.vmware.certificatemanagement.impl.tls.TlsReplace  opId=] TLS Certificate replacement failed : Failed to notify APPLMGMT on http://localhost:1080/api/appliance/certificates/notification, on all retries.

vCenter Server 7.0

vCenter Server 8.0

This is a known issue that affects certificate replacement through the API or vCenter UI.

During the PNID change workflow, the applmgmt service is not restarted and continues to use the old PNID. When the NDC notification is triggered after the PNID change, the old PNID is used for authorization, which results in the NDC notification failure with the “Failed to notify APPLMGMT” error.

Workaround:

1 - Log in to the vCenter Server Appliance via SSH as root.

2 - Restart the Appliance Management service:

service-control --restart applmgmt

3 - Verify that applmgmt service is active and running:

service-control --status applmgmt