if it prompted a new fingerprint on login then either the Management Server certificate had been renewed since last login or something between client and server is tampering with the certificates. Latter can happen if the firewall is in between client and server and it's doing TLS decryption, either via a specific inspection rule or via application detection (in either case a TLS Client Protection CA must have been defined in firewall properties). That could explain the Log Server issue as well. The certificates used in the connection could be verified on client machine with Wireshark.
Another, albeit unlikely, possibility is that Log Server no longer trusts the CA that signed its own certificate, maybe due to some upgrade or backup restore. If that seems to be only remaining explanation then I'd recommend opening a support ticket.