Symptoms

• When attempting to access the Updates tab for a vCenter Server or an ESXi host, the UI displays the error: An unexpected error has occurred.
• The vSphere Lifecycle Manager (vLCM) fails to load baselines or available updates.

vSphere 8.x, 9.x

This issue occurs when there is a mismatch between the SSL trust anchors stored in the VMware Directory Service (vmdir) or Lookup Service and the actual MACHINE_SSL_CERT on the vCenter node. This typically happens after a certificate rotation, a PSC/vCenter convergence, or a failed certificate replacement

To resolve the trust anchor mismatch and restore Lifecycle Manager functionality:

1. Verify the Mismatch: Run the vCert tool to identify if SSL Trust Anchors are in a MISMATCH state vCert Trust Reports.
2. Take Snapshots: Perform an offline snapshot of all vCenter nodes in the SSO domain before proceeding.
3. Fix Trust Anchors:
   • Use the lsdoctor tool with the trustfix switch to correct Lookup Service registration problems: python lsdoctor.py -t vCenter Trust Mismatch
   • Alternatively, use vCert Manager (vCert.py):
     • Select Option 4 (Manage SSL trust anchors).
     • Select Option 2 (Update SSL trust anchors) 
4. Restart Services: Restart vCenter services to load the updated trust stores and verify that the Updates tab in vLCM is now accessible.
   
   
   

See : vCert - Scripted vCenter expired certificate replacement