• A directory is attempting to be added over ldaps using the domain name not an individual domain controller address.
• The root certificate for the domain does not contain the domain name domain.com as part of a subject alternative field property.
• The same directory can be configured successfully with the FQDN of an individual domain controller hostname specified.
• The ui displays the error:
  Problem connecting to directory: Host {0}, Reason - {1}
• The /logs/connector-dir-sync.log logfile contains an 'No subject alternative DNS name matching' error similar to:
  
  2024-02-16T15:27:44,078 INFO  (Thread-) [;@;;] com.vmware.horizon.directory.ldap.util.TLSConnectionLogHelper - Class:com.vmware.horizon.directory.ldap.dc.service.context.SSLContextFetcher, Action:TLS_CONNECTION_FAILED, Message:TLS Connection Failed to host - (<IP>:636)
2024-02-16T15:27:44,078 ERROR (Thread-) [;@;<IP>;] com.vmware.horizon.directory.ldap.dc.service.context.JNDIContextFetcher - Failed to connect to domain.com:636
javax.naming.CommunicationException: simple bind failed: domain.com:636

Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching domain.com found.
  
  

VMware Identity Manager 3.3.x

The failure occurs when vIDM attempts to validate the domain name against the certificate presented which fails when the the root certificate for the domain does not contain the domain name domain.com as part of a subject alternative field property

To resolve the issue you need to recreate the domain root certificate with teh domain name added as a Subject Alternative Field Name(SAN) property.

Otherwise you can only configure the domain against an individual domain controller.