Check the network settings and make sure you have network access to the identity source
cannot establish connection with uri: ldaps://<FQDN_DC:636>
YYYY-MM-DDThh:mm:ss.msZ tomcat-http--29 vsphere.local da18bc82-65c3-46c2-b5b0-6ee554d9d030 ERROR com.vmware.identity.idm.server.provider.ldap.LdapWithAdMappingsProvider] Failed to retrieve upnSuffixes in AD over LDAP provider '<domain.name>'
YYYY-MM-DDThh:mm:ss.msZ tomcat-http--50 vsphere.local 5f44813d-fb70-4f4e-9b0c-d7d3ce7ae66f ERROR com.vmware.identity.interop.ldap.SslX509EqualityMatchVerificationCallback] Server SSL certificate verification failed for [Subject: ] [SHA1 Fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX].: No match found in the trusted certificates store.
YYYY-MM-DDThh:mm:ss.msZ tomcat-http--50 vsphere.local 5f44813d-fb70-4f4e-9b0c-d7d3ce7ae66f ERROR com.vmware.identity.interop.ldap.OpenLdapClientLibrary] Server SSL certificate not trusted; bytes:
YYYY-MM-DDThh:mm:ss.msZ error vpxd[04839] [Originator@6876 sub=User opID=58a82c56] Failed to authenticate user <[email protected]>
VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x
The AD certificate has expired, so vCenter Server cannot communicate with the AD server.
openssl s_client -connect <domain controller>:636 -showcerts
Sample output
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIKYURFHAAAAAAA
BDANBgkqhkiG9w0BADSHDFSJnjdwEQYK
..........snip..........
TmqX6mnsaxcjushyuVGYHGVBJKNW5Z5L
hYZhHKsf9CmZa12j/ODfznFtAgbPNw==
-----END CERTIFICATE-----
AD users will not be able to communicate with AD for authentication, and they receive the error "Failed to authenticate user".
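The following is an added example, not VMware's code. It matches the SHA1 fingerprint from the SslX509EqualityMatchVerificationCallback log line against the certificates printed by openssl s_client -showcerts, to show which certificate in the presented chain vCenter reported as untrusted. The function names are hypothetical and the sample data is constructed.

```python
import base64
import hashlib
import re

# Fingerprint field of the SslX509EqualityMatchVerificationCallback log line.
LOG_FP = re.compile(r"\[SHA1 Fingerprint: ((?:[0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2})\]")
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample input: the PEM bodies are base64 of stand-in bytes
# (b"abc", b"def"), not real certificates; the log line follows the page's format.
SAMPLE_CHAIN = """\
 0 s:CN = dc01.example.test
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
 1 s:CN = Example Test CA
-----BEGIN CERTIFICATE-----
ZGVm
-----END CERTIFICATE-----
"""
SAMPLE_LOG = (
    "ERROR com.vmware.identity.interop.ldap.SslX509EqualityMatchVerificationCallback] "
    "Server SSL certificate verification failed for [Subject: ] "
    "[SHA1 Fingerprint: A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D].: "
    "No match found in the trusted certificates store."
)

def rejected_fingerprints(log_text):
    """SHA1 fingerprints the log reports as missing from the trusted store."""
    return {fp.upper() for fp in LOG_FP.findall(log_text)}

def chain_fingerprints(s_client_output):
    """SHA1 fingerprint of each PEM block printed by -showcerts, in order."""
    fps = []
    for body in PEM.findall(s_client_output):
        der = base64.b64decode("".join(body.split()))  # PEM body -> DER bytes
        digest = hashlib.sha1(der).hexdigest().upper()
        fps.append(":".join(digest[i:i + 2] for i in range(0, 40, 2)))
    return fps

def correlate(log_text, s_client_output):
    """(chain index, fingerprint, rejected-in-log?) for each presented certificate."""
    rejected = rejected_fingerprints(log_text)
    return [(i, fp, fp in rejected)
            for i, fp in enumerate(chain_fingerprints(s_client_output))]

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG, SAMPLE_CHAIN):
        print(row)
```

A row marked True is a certificate currently served on port 636 that the log reports as absent from the trusted certificates store.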