Spoiler alert: I was unable to find a solution to this issue, and ended up deploying a new VCSA instance.
I made the mistake of not assigning a static IP address to my vCenter Server Appliance instance. When I rebooted my router, it was assigned a new IP address. When I attempted to access the vSphere Web Client, I got this:
A server error occurred.
 An error occurred while sending an authentication request to the vCenter Single Sign-On server – An error occurred when processing the metadata during vCenter Single Sign-On Setup – AFD Native Error Occured [sic]: 9127.
Check the vSphere Web Client server logs for details.
This actually seems to be at least two errors:
- Error while sending an authentication request to SSO server.
- Error processing metadata during SSO setup.
Searching around, I couldn’t find anyone with the exact same issue. The closest I could find was this – the error message is nearly the same, except in my case an actual error number is reported (9127) as opposed to “null”. I also verified that my date/times were synced up properly, so this wasn’t the issue.
Thankfully the VCSA admin interface was still working, presumably because it doesn’t rely on SSO – my VCSA’s root password was all that was needed. In the admin interface, I did notice that the SSO service was indeed not running.
The first thing I tried was updating my VCSA instance (which was on version 184.108.40.20600 Build Number 4602587):
After the update (to 220.127.116.1100 Build Number 5178943), I got basically the same error message while attempting to access the vSphere Web Client, except that it was no longer explicitly complaining about failing to access the SSO server:
The VCSA admin interface confirmed that the SSO service was indeed running. But why was I still getting the 9127 error?
I wish I could say that I found an answer to that question, but in the end I gave up and deployed a new VCSA instance. As I alluded to at the beginning of the post, I suspect this was caused by the VCSA IP address changing, leading to the SSO certificate(s) being invalidated, but I’m not sure. Hopefully I can save someone else the hassle of trying in vain to find a solution. Or even better, maybe someone can tell me how I could have fixed it…