We have 2 Windows based vCenters in our environment, with the following Windows + vCenter version configuration:
Windows Server 2008 R2 with vCenter 6.0 Update 1 (Embedded PSC Architecture)
Windows Server 2012 (Not R2) with vCenter 6.0 Update 2 (Embedded PSC Architecture)
On both of these vCenters, we've replaced the machine certificates with 3rd-party CA-signed certificates (in the case of the vCenter 6.0U2, this was done while at version 6.0U1).
For some reason, when trying to apply fixes with broken SSL trust anchors documented in VMware KB: vCenter Server or Platform Services Controller certificate validation error for external ..., when accessing the lookup service's MOB interface @ https://<vcenter-FQDN>/lookupservice/mob, I'm repeatedly prompted for credentials to log in. I've tried the email@example.com account as well as AD integrated accounts that have admin access in SSO. In both cases these IDs can log in to the PSC / vCenter fine, but nothing seems to authenticate with the MOB interface for the lookup service.
On both vCenters as well, if I try to access the PSC web interface via https://<vcenter-FQDN>/psc, I receive an error:
HTTP Status 400 - An error occurred while sending an authentication request to the PSC Single Sign-On server - null
type Status report
message An error occurred while sending an authentication request to the PSC Single Sign-On server - null
description The request sent by the client was syntactically incorrect.
I am confident both symptoms are related, as we have other Windows based vCenters running 6.0 Update 1 where this is not an issue. However, I've been at a loss to identify the cause or find any logs that correlate to the errors for the PSC web interface or failed authentications to the MOB.
Would greatly appreciate any tips or guidance on how to solve this issue. Without being able to log in to the MOB, we're unable to resolve SSL certificate issues that I described above. Thanks much in advance!