domain.com
as part of a subject alternative field property.
Problem connecting to directory: Host {0}, Reason - {1}
The /logs/connector-dir-sync.log logfile contains a 'No subject alternative DNS name matching' error similar to:
2024-02-16T15:27:44,078 INFO (Thread-) [;@;;] com.vmware.horizon.directory.ldap.util.TLSConnectionLogHelper - Class:com.vmware.horizon.directory.ldap.dc.service.context.SSLContextFetcher, Action:TLS_CONNECTION_FAILED, Message:TLS Connection Failed to host - (<IP>:636)
2024-02-16T15:27:44,078 ERROR (Thread-) [;@;<IP>;] com.vmware.horizon.directory.ldap.dc.service.context.JNDIContextFetcher - Failed to connect to domain.com:636
javax.naming.CommunicationException: simple bind failed: domain.com:636
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching domain.com found.
VMware Identity Manager 3.3.x
The failure occurs when vIDM attempts to validate the domain name against the certificate presented. Validation fails when the root certificate for the domain does not contain the domain name domain.com as a Subject Alternative Name (SAN) entry.
To resolve the issue, recreate the domain root certificate with the domain name added as a Subject Alternative Name (SAN) property.
Otherwise you can only configure the domain against an individual domain controller.
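
An added example, not part of the original article or VMware's code: a simplified version of the DNS-name check that produces the error above, run against constructed certificate data in the dict shape returned by Python's ssl.SSLSocket.getpeercert(). The host name dc01.domain.com is a hypothetical domain controller; the example shows why a single domain controller name validates while domain.com fails until it is added as a SAN.

```python
# Simplified illustration of the check behind
# "No subject alternative DNS name matching domain.com found".
# It is not the Java implementation used by vIDM.

def dns_sans(cert):
    """Return the lower-cased DNS entries of the certificate's SAN extension."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that stands for the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*.domain.com" never covers the bare "domain.com"
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_ldaps_name(cert, host):
    """Return (ok, message) for the host name configured for the directory."""
    sans = dns_sans(cert)
    if any(name_matches(s, host) for s in sans):
        return True, f"{host} is covered by SAN {sans}"
    return False, f"No subject alternative DNS name matching {host} found (SAN has {sans})"

# Constructed sample: certificate issued for one domain controller only.
DC_ONLY = {"subjectAltName": (("DNS", "dc01.domain.com"),)}
# Constructed sample: reissued certificate with the domain name added as a SAN.
REISSUED = {"subjectAltName": (("DNS", "dc01.domain.com"), ("DNS", "domain.com"))}

if __name__ == "__main__":
    cases = [
        ("domain name, original certificate", DC_ONLY, "domain.com"),
        ("individual DC, original certificate", DC_ONLY, "dc01.domain.com"),
        ("domain name, reissued certificate", REISSUED, "domain.com"),
    ]
    for label, cert, host in cases:
        ok, msg = check_ldaps_name(cert, host)
        print(f"{label}: {'OK' if ok else 'FAIL'} - {msg}")
```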