After performing a certificate update or maintenance on a vCenter Server High Availability (vCHA) cluster, attempts to reconfigure vCHA fail. The following error is observed in the vSphere Client:

The operation is not allowed in the current state. The management interface (NIC0) IP address does not map to the vCenter Server PNID.

This typically occurs if vCHA was destroyed while a non-original node (e.g., vC-B) was Active, leaving stale metadata in the inventory.

vCenter Server 7.x, and 8.x

The vcha-destroy -f command failed to completely remove the stale Passive node object from the vCenter inventory. The presence of this residual object creates a logical conflict where the management IP (NIC0) is still associated with the previous HA state, preventing the current standalone node from validating its PNID for a new HA deployment.

• Log in to the vSphere Client.

• Navigate to the Inventory view (Hosts and Clusters).

• Locate the residual vCenter Server VM object (the former Passive/Peer node that was part of the old HA configuration).

• Right-click the stale VM and select Delete from Disk (ensure you are only deleting the decommissioned HA node and not the current Active management node).

• Verify the PNID of the remaining node by logging into the vCenter Appliance shell (SSH) and running: /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

• Ensure the returned PNID matches the current Hostname and DNS FQDN.

• Restart the vCenter High Availability configuration wizard.

Update vCenter hostname to match PNID, refer to Broadcom KB 368672