VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
Recently in the home lab, in working with vROPs 7 (vRealize Operations Manager) I had attempted to reestablish a connection to vCenter Server since I had swapped out vCenter VCSA appliances in the environment. I knew I needed to reconnect the vROPs connection to vCenter before it would begin pulling statistics again successfully. Since changing out the VCSA appliance, the SSL certificate between vCenters would be different. In attempting to restore the connection to the new vCenter (with the same FQDN name), I received the VMware vROPs 7 error adapter instance configured to trust multiple certificates. Let’s take a close look and see how this can easily be resolved in the vROPs interface.
VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates
First, before going into the resolution to the issue, let’s see how I was able to produce the error to begin with. Navigating to Administration > Solutions > VMware vSphere and clicking the settings cogs, we can Test the connection to vCenter Server.
To have presented to us the new SSL certificate of the newly provisioned vCenter Server, click the Test Connection link.
You will see the Review and Accept Certificate dialog box. This will display the Certificate Thumbprint of the vCenter Server.
On clicking on the Accept button in the above dialog box, the error is displayed as below. Unable to establish a valid connection to the target system. Adapter instance has been configured to trust multiple certificates, when only one is allowed. Please remove any old, unneeded certficates and try again.
The resolution of the issue can be resolved in the GUI of the vROPs appliance. To manage certificates in vROPs, click Administration > Management > Certificates. Choose the certificate of the old vCenter Server and then click the red X.
You will see the Confirmation dialog box to delete the certificate. Click Yes.
If you have other integration relying on the old certificate, you will see another Confirmation dialog box noting the objects in vROPs that trust this certificate about to be deleted. Simply click Yes as we want to delete the old certificate.
This is a good place to note which instances you need to update with the new certificate.
After deleting the old vCenter Server certificate, you can navigate back to the Administration > Solutions > VMware vSphere and click on the Test Connection button once again.
You will see the Review and Accept Certificate dialog box again. Click Accept.
This time, we see the Test connection successful message displayed. No errors are displayed concerning the SSL certificate.
Clicking on the Save Settings button, you will see the Adapter instance successfully saved.
At this point, you can go through the list of additional connections under the Solutions, such as VMware vSAN, and test/save the connections to ensure you are using the new SSL certificate with vCenter Server.
It is extremely important to keep the SSL certificates/trust in mind when maintaining connections to vCenter Server. A change or problem with SSL certs, will prevent vRealize Operations Manager from being able to collect information or stop collecting information from the vSphere environment and other solutions such as vSAN.
Wrapping Up
The VMware vROPs 7 Error Adapter Instance Configured to Trust Multiple Certificates can certainly cause issues for vROPs 7 being able to poll the vSphere environment properly. As in my case, this can be caused by a change in the vCenter Server certificate for the same vCenter connection. In my lab, I had completely changed the VCSA appliance and used to the same FQDN. In this case, the vROPs environment recognized when trying to test and add the new VCSA appliance to the environment, there was already an SSL cert and there would be multiple certificates for the same VCSA appliance/FQDN name. This leads to the error covered in the post. However, the resolution is quite simple – delete the existing certificate for the stale vCenter Server connection appliance and replace it with the new certificate by testing and saving the configuration after deleting the certificate.