vCenter 6.7 Joining enhanced linked mode after cert replacement fails (Failed to validate sso.(log_info() takes 1 positional argument but 2 were given))

I just deployed a new vCenter 6.7 server with embedded PSC. I'm planning on adding four other additional sites using enhanced linked mode. I'm also using a hybrid certificate replacement approach in order get rid of the certificate warnings. By that I mean I'm replacing the machine SSL certs with my internal enterprise CA and utilizing VMCA for the solution users certificates.  Here is what I have done:

1. Created a custom template on our internal CA for vSphere purposes.

2. Followed the process to replace the machine certificate on my first vCenter/PSC (vcenter-site1.domain.com)

3. Imported the Root and Intermediate Certs to complete the trust chain (We both have a root and issuing CA)

4. Verified that I am no longer getting invalid certificate warnings and that the site now shows green.

5. Integrated vCenter/PSC with AD and added groups to allow domain login.

With that, everything works as expected.

Now I'm trying to deploy another site (vcenter-site2.domain.com). I'm on stage 2, step 3 which is the SSO configuration. I'm asked to provide the existing PSC FQDN, the single sign-on domain, and password. When I hit next, I see the validation of the connection and it correctly identifies the that the vCenter server has an embedded PSC. I am then presented with the following error

I presume this has something to do with the certificate replacement but I'm not sure where to look next. I came across a KB 2121701 ,but I checked and the thumbprints match so everything looks OK so I'm not sure if that KB applies. The only thing that struck me as odd was the following output when running echo | openssl s_client -connect localhost:443

Certificate chain

0 s:/C=CA/ST=CA/L=SanJose/O=Company/OU=VMware Engineering/CN=vcenter-site1.com

   i:/DC=com/DC=company/CN=Company Issuing Certification Authority

1 s:/DC=com/DC=company/CN=Company Issuing Certification Authority

   i:/DC=com/DC=company/CN=Company Root Certification Authority

2 s:/DC=com/DC=company/CN=Company Root Certification Authority

   i:/DC=com/DC=company/CN=Company Root Certification Authority

That could be a red herring but I thought I would include it.

Does anyone have any idea what this error could mean?