VMware Cloud Foundation installer fails to deploy the fleet management appliance during brownfield convert

Article ID: 441233

Products

VMware SDDC Manager / VCF Installer

Issue/Introduction

When performing a brownfield convert from VVF to VCF, the automated deployment of the fleet management appliance (Aria Suite Lifecycle / vRealize Suite Lifecycle Manager) fails.

This error occurs specifically during the phase in which the certificate of the newly deployed fleet management virtual machine is added to the SDDC Manager truststore. The deployment process halts, and the task status reports a failure in the orchestration wizard.

  • The following error is observed in the VCF Installer

  • The following error signatures are logged within the /var/log/vmware/vcf/domainmanager/domainmanager.log file:

    YYYY-MM-DDT HH:MM:SS DEBUG [vcf_dm,######,f780] [c.v.v.s.t.DynamicTrustManager,dm-exec-19]  Error checking certificate chain CN=<vCenter FQDN>, OU=VCF, O=Broadcom, C=US, SerialNumber=###### for validity.
    java.security.cert.CertificateException: Unable to construct a valid chain


  • Further review of the Domain Manager logs shows it resolving the Management vCenter FQDN to a powered-off VM:

    YYYY-MM-DDT HH:MM:SS DEBUG [vcf_dm,######,1613] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-12]  Searching for VM with address <vCenter FQDN>
    YYYY-MM-DDT HH:MM:SS DEBUG [vcf_dm,######,1613] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-12]  Found VM <vCenter VM Name>_8.0_PowerdOFF with address <vCenter FQDN>
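The two log signatures above can be checked together on a copied domainmanager.log: count the chain-construction exceptions, then list every VM object the Domain Manager bound to the vCenter FQDN and flag any that is not the expected active VM. The script below is an added example, not part of the article or of the VCF product; the log lines, FQDN, VM names and ids in it are constructed placeholders, and it generalises the article's single case to any number of duplicate objects sharing the address.

```shell
#!/bin/sh
# Added example (not from the article): triage a copied domainmanager.log for the
# symptoms described above. All log lines below are constructed; the FQDN, VM
# names and ids are placeholders, not values from a real environment.

SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
2024-05-01T10:15:01.100+0000 DEBUG [vcf_dm,0000000000000001,1613] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-12]  Searching for VM with address vcenter01.lab.example
2024-05-01T10:15:01.140+0000 DEBUG [vcf_dm,0000000000000001,1613] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-12]  Found VM vcenter01 with address vcenter01.lab.example
2024-05-01T10:15:01.162+0000 DEBUG [vcf_dm,0000000000000001,1613] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-12]  Found VM vcenter01_8.0_PowerdOFF with address vcenter01.lab.example
2024-05-01T10:15:02.300+0000 DEBUG [vcf_dm,0000000000000001,f780] [c.v.v.s.t.DynamicTrustManager,dm-exec-19]  Error checking certificate chain CN=vcenter01.lab.example, OU=VCF, O=Broadcom, C=US, SerialNumber=00000001 for validity.
java.security.cert.CertificateException: Unable to construct a valid chain
EOF

# Count "Unable to construct a valid chain" exceptions in the log file ($1).
chain_errors() {
  grep -c 'Unable to construct a valid chain' "$1"
}

# Print every VM name the Domain Manager bound to the vCenter address ($2) in log ($1).
# More than one line here means the inventory holds duplicate objects for that FQDN.
resolved_vms() {
  awk -v fqdn="$2" '
    index($0, "Found VM ") && index($0, " with address " fqdn) {
      s = substr($0, index($0, "Found VM ") + 9)   # drop everything up to and including "Found VM "
      sub(/ with address .*$/, "", s)              # keep only the VM name
      print s
    }' "$1" | sort -u
}

# Print the VM names bound to the address that are NOT the expected active vCenter VM ($3).
stale_bindings() {
  resolved_vms "$1" "$2" | grep -vxF "$3" || true
}

# Human-readable summary, for running against a real copy of the log:
#   triage /path/to/domainmanager.log vcenter01.lab.example vcenter01
triage() {
  echo "chain validation errors: $(chain_errors "$1")"
  echo "VM objects resolved for $2:"
  resolved_vms "$1" "$2" | sed 's/^/  /'
  stale="$(stale_bindings "$1" "$2" "$3")"
  if [ -n "$stale" ]; then
    echo "stale objects to remove from inventory (Step 1): $stale"
  else
    echo "no duplicate objects found; look elsewhere for the chain failure"
  fi
}

triage "$SAMPLE_LOG" vcenter01.lab.example vcenter01
```

On the constructed sample this reports one chain error, two VM objects resolved for the FQDN, and `vcenter01_8.0_PowerdOFF` as the stale binding to remove; on a real log, pass the path of the copied file, the Management vCenter FQDN and the name of the active vCenter VM.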

Cause

During the certificate validation phase, the VCF Domain Manager service attempts to resolve the active Management vCenter Server instance by scanning the vSphere inventory for its configured FQDN or IP address.

If a stale, duplicate, or powered-off virtual machine instance remains in the inventory with identical network definitions (e.g., left over from a previous migration, upgrade, or template deployment), the Domain Manager may bind to the Managed Object Reference (MoRef) ID of the inactive virtual machine. Because the inactive object does not possess the operational state or valid certificate attributes required by the deployment wizard, the installer fails to build and validate the certificate trust chain.

Resolution

Take a snapshot of the SDDC Manager and vCenter Server before proceeding.

Step 1: Inventory Remediation

  1. Open a web browser and log in to the vSphere Client using administrative credentials.
  2. Select the Shortcuts menu and navigate to VMs and Templates or Hosts and Clusters.
  3. Use the global search bar or manually browse the inventory tree to find the duplicate virtual machine object (for example, an object named <vCenter VM Name>_8.0_PowerdOFF).
  4. Verify that this object is fully powered off and represents an unneeded or historical copy of the active vCenter Server.
  5. Right-click the stale virtual machine object and select Remove from Inventory.
    Note: If it is confirmed that the underlying VMDK files are obsolete and a comprehensive environment backup exists, Delete from Disk may be selected instead.
  6. Confirm that only the single, active Management vCenter Server virtual machine object remains associated with the production FQDN within the vSphere inventory.

Step 2: Workflow Resumption

  1. Navigate back to the VCF Installer interface or the SDDC Manager UI.
  2. Locate the failed fleet management appliance deployment task.
  3. Click the Retry action to restart the certificate chain validation phase.
  4. Alternatively, if utilizing the API, retrieve the active task ID and issue a retry call to the Domain Manager API endpoint:
    POST https://<SDDC Manager FQDN>/v1/tasks/{id}/retry
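The final check of Step 1 (exactly one VM object for the production FQDN) and the API retry of Step 2 can be chained so that the retry is only issued once the inventory is clean. The script below is an added example, not code from the article or from VMware: it assumes govc is installed with GOVC_URL, GOVC_USERNAME and GOVC_PASSWORD pointing at the Management vCenter, that the SDDC Manager CA certificate is in the file named by CA_BUNDLE, and that the token endpoint (POST /v1/tokens, returning an accessToken) and the retry endpoint named above behave as in the VCF public API. Every host name and id in it is a placeholder.

```shell
#!/bin/sh
# Added example (not from the article): confirm the inventory holds exactly one VM for
# the vCenter FQDN, then retry the failed task through the SDDC Manager API.
# Assumptions: govc configured via GOVC_URL/GOVC_USERNAME/GOVC_PASSWORD; SDDC Manager CA
# in $CA_BUNDLE; POST /v1/tokens and POST /v1/tasks/{id}/retry as in the VCF public API.
# All host names and ids are placeholders.

retry_endpoint() {
  # $1 = SDDC Manager FQDN, $2 = task id. Builds the retry URL named in the article.
  printf 'https://%s/v1/tasks/%s/retry' "$1" "$2"
}

vms_with_hostname() {
  # List inventory paths of VMs whose guest hostname equals the FQDN ($1).
  # Step 1 is complete when this prints exactly one path.
  govc find / -type m -guest.hostName "$1"
}

vcf_token() {
  # $1 = SDDC Manager FQDN, $2 = SSO user. The password is read from $VCF_PASSWORD and
  # sent on stdin so it never appears in curl's argument list (visible in `ps`).
  printf '{"username":"%s","password":"%s"}' "$2" "$VCF_PASSWORD" \
    | curl -sS --fail --cacert "$CA_BUNDLE" -X POST "https://$1/v1/tokens" \
        -H 'Content-Type: application/json' -d @- \
    | sed -n 's/.*"accessToken":"\([^"]*\)".*/\1/p'
}

retry_task() {
  # $1 = SDDC Manager FQDN, $2 = task id, $3 = bearer token. Prints the HTTP status code.
  curl -sS --cacert "$CA_BUNDLE" -X POST "$(retry_endpoint "$1" "$2")" \
    -H "Authorization: Bearer $3" -o /dev/null -w '%{http_code}\n'
}

main() {
  sddc="sddc-manager.lab.example"   # placeholder
  vc_fqdn="vcenter01.lab.example"   # placeholder
  task_id="$1"

  count="$(vms_with_hostname "$vc_fqdn" | wc -l | tr -d ' ')"
  if [ "$count" -ne 1 ]; then
    echo "expected 1 VM for $vc_fqdn, found $count; finish Step 1 before retrying" >&2
    exit 1
  fi
  token="$(vcf_token "$sddc" "administrator@vsphere.local")"
  [ -n "$token" ] || { echo "no access token returned" >&2; exit 1; }
  retry_task "$sddc" "$task_id" "$token"
}

# Usage: VCF_PASSWORD=... CA_BUNDLE=sddc-ca.pem sh retry.sh <task id>
[ "$#" -eq 1 ] && main "$1"
```

The CA bundle is used instead of `-k` so the token and the retry are only sent to a server whose certificate chains to the expected CA; the inventory count guard refuses to retry while a duplicate object for the FQDN still exists, which is the condition that caused the failure in the first place.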