During the initial setup of a VMware Cloud Director Availability (VCDA) appliance (Step 6: Lookup Service configuration), the operation fails with the following error in the user interface:

The operation was cancelled due to an unexpected error.

In the /opt/vmware/h4/replicator/log/replicator.log file on the VCDA appliance, you see entries similar to:

2026-04-07 19:38:01.393 ERROR - [UI-########-####-####-####-############] [https-jsse-nio-8440-exec-8] c.v.h.c.c.error.ExceptionAdvisorBase : A POST request from root[IP_ADDRESS] to /config/check-sso failed.

com.vmware.vim.sso.client.exception.TimeSynchronizationException: Server returned 'request expired' less than 0 seconds after request was issued, but it shouldn't have expired for at least 600 seconds.

VMware Cloud Director Availability 4.7.x

This issue occurs when there is a significant time difference (clock skew) between the Cloud Director Availability appliance and the vCenter Server (Lookup Service).

vCenter Single Sign-On (SSO) authentication requires participating systems to be synchronized within a strictly defined tolerance (typically 10 minutes). If the time difference exceeds this limit, security tokens are rejected immediately as "expired," causing the setup process to be cancelled.

In many cases, this is due to NTP (Network Time Protocol) not being configured or running on the underlying ESXi hosts or the management appliances.

To resolve this issue, ensure that all components in the environment are synchronized to the same reliable time source.

1. Verify Current Time:

   • Log in to the console/SSH of the Cloud Director Availability appliance as root and run the date command.
   • Log in to the vCenter Server Appliance (VCSA) via SSH and run the date command.
   • Compare the results to identify the offset.

2. Configure NTP on Appliances:

   • For VCDA: Navigate to the Settings page in the Appliance Management UI and verify the NTP Server configuration.
   • For vCenter: Log in to the vCenter Server Management Interface (VAMI) at https://vcenter-ip-or-fqdn:5480, go to Time, and ensure NTP is configured and the status is 'Normal'.

3. Verify ESXi Host NTP:

   • In the vSphere Client, navigate to each ESXi host > Configure > System > Time Configuration.
   • Ensure the NTP service is running and pointed to the same NTP servers used by the appliances.

4. Retry Setup:

   • Once the clocks are synchronized across all components, return to the VCDA setup wizard and attempt the Lookup Service configuration again.

• KB 338568: "Server returned 'request expired' less than 0 seconds after request was issued" error when Registering vSphere replication