VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates

0

Recently in the home lab, in working with vROPs 7 (vRealize Operations Manager) I had attempted to reestablish a connection to vCenter Server since I had swapped out vCenter VCSA appliances in the environment. I knew I needed to reconnect the vROPs connection to vCenter before it would begin pulling statistics again successfully. Since changing out the VCSA appliance, the SSL certificate between vCenters would be different. In attempting to restore the connection to the new vCenter (with the same FQDN name), I received the VMware vROPs 7 error adapter instance configured to trust multiple certificates.  Let’s take a close look and see how this can easily be resolved in the vROPs interface.

VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates

First, before going into the resolution to the issue, let’s see how I was able to produce the error to begin with. Navigating to Administration > Solutions > VMware vSphere and clicking the settings cogs, we can Test the connection to vCenter Server.

Testing-the-connection-to-vCenter-Server-from-vROPs-7-to-renew-SSL-connection VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
Testing the connection to vCenter Server from vROPs 7 to renew SSL connection

To have presented to us the new SSL certificate of the newly provisioned vCenter Server, click the Test Connection link.

Click-Test-Connection-to-check-the-connection-between-vROPs-and-vCenter-Server VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
Click Test Connection to check the connection between vROPs and vCenter Server

You will see the Review and Accept Certificate dialog box. This will display the Certificate Thumbprint of the vCenter Server.

Prompted-to-Review-and-Accept-the-certificate-presented-by-vCenter-Server VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
Prompted to Review and Accept the certificate presented by vCenter Server

On clicking on the Accept button in the above dialog box, the error is displayed as below. Unable to establish a valid connection to the target system.  Adapter instance has been configured to trust multiple certificates, when only one is allowed.  Please remove any old, unneeded certficates and try again.

VMware-vROPs-7-Error-Adapter-Instance-Configured-to-Trust-Multiple-Certificates VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates

The resolution of the issue can be resolved in the GUI of the vROPs appliance. To manage certificates in vROPs, click Administration > Management > Certificates. Choose the certificate of the old vCenter Server and then click the red X.

Deleting-the-stale-certificate-for-the-previous-vCenter-Server-instance VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
Deleting the stale certificate for the previous vCenter Server instance

You will see the Confirmation dialog box to delete the certificate. Click Yes.

Confirm-the-deletion-of-the-stale-certificate-from-vROPs-7 VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
Confirm the deletion of the stale certificate from vROPs 7

If you have other integration relying on the old certificate, you will see another Confirmation dialog box noting the objects in vROPs that trust this certificate about to be deleted. Simply click Yes as we want to delete the old certificate.

This is a good place to note which instances you need to update with the new certificate.

A-second-warning-about-deleting-the-certificate-listing-services-that-depend-on-it VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
A second warning about deleting the certificate listing services that depend on it

After deleting the old vCenter Server certificate, you can navigate back to the Administration > Solutions > VMware vSphere and click on the Test Connection button once again.

Click-Test-Connection-to-check-the-connection-between-vROPs-and-vCenter-Server VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
Click Test Connection to check the connection between vROPs and vCenter Server

You will see the Review and Accept Certificate dialog box again. Click Accept.

Prompted-to-Review-and-Accept-the-certificate-presented-by-vCenter-Server VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
Prompted to Review and Accept the certificate presented by vCenter Server

This time, we see the Test connection successful message displayed. No errors are displayed concerning the SSL certificate.

This-time-the-Test-Connection-function-completes-successfully VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
This time the Test Connection function completes successfully

Clicking on the Save Settings button, you will see the Adapter instance successfully saved.

The-vCenter-Server-vSphere-Adapter-Instance-is-saved-successfully VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
The vCenter Server vSphere Adapter Instance is saved successfully

At this point, you can go through the list of additional connections under the Solutions, such as VMware vSAN, and test/save the connections to ensure you are using the new SSL certificate with vCenter Server.

It is extremely important to keep the SSL certificates/trust in mind when maintaining connections to vCenter Server. A change or problem with SSL certs, will prevent vRealize Operations Manager from being able to collect information or stop collecting information from the vSphere environment and other solutions such as vSAN.

Wrapping Up

The VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates can certainly cause issues for vROPs 7 being able to poll the vSphere environment properly. As in my case, this can be caused by a change in the vCenter Server certificate for the same vCenter connection. In my lab, I had completely changed the VCSA appliance and used to the same FQDN. In this case, the vROPs environment recognized when trying to test and add the new VCSA appliance to the environment, there was already an SSL cert and there would be multiple certificates for the same VCSA appliance/FQDN name. This leads to the error covered in the post. However, the resolution is quite simple – delete the existing certificate for the stale vCenter Server connection appliance and replace it with the new certificate by testing and saving the configuration after deleting the certificate.