When TLS is enabled on external database connections and Usage Service is deployed, the Usage Service fails to connect to the database and fails to start or crash.

When Usage Service is provided a Certificate from Operations Manager (Ops Manager) through the Databases > External databases > Database CA certificate form field, Usage Service tries to validate the complete certificate including the hostname of the external database. This behavior does not change regardless of Databases > External databases > Enable hostname validation checkbox being checked/unchecked.

This issue primarily affects external databases running on GCP and Azure as these DB Certificates contain mismatched hostnames.

To workaround this issue, follow the steps below:

1. Disable TLS communications with external DBs. This is recommended as this was not fully functional prior to VMware Tanzu Application Service (TAS) for VMs 2.9.0.

2. Don't deploy Usage Service.

3. Don't upgrade to TAS for VMs 2.9.0 (or subsequent versions) until Usage Service implements hostname validation skipping.