If the LDAPS certificate has been changed on the LDAP server, but the new certificate has not been updated in vCenter, LDAP authentication to vCenter fails.
vCenter Server 7.x
vCenter Server 8.x
The LDAPS certificate stored in vCenter does not match the one the LDAP server presents: the currently installed LDAPS certificate ends in XXX while the active server certificate ends in YYY. This causes the TLS connection between vCenter and the LDAP server to fail.
Run the following commands on the vCenter appliance to see the certificates currently stored for the LDAPS identity sources:
# SSO domain as an LDAP base DN, e.g. vsphere.local -> dc=vsphere,dc=local
d1=$( cat /etc/vmware/install-defaults/vmdir.domain-name | sed -E 's/\./,/g ; s/([,^]+)/\0dc=/g ;s/^/dc=/' )
# SSO domain name as-is, e.g. vsphere.local
d2=$(cat /etc/vmware/install-defaults/vmdir.domain-name )
# Host running the Lookup Service, taken from the registered Lookup Service URL
psc=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost | cut -d / -f 3 | cut -d : -f 1)
# List every identity source with its stored certificate(s); -W prompts for the SSO administrator password
/opt/likewise/bin/ldapsearch -LLL -h $psc -p 389 -b "cn=IdentityProviders,cn=$d2,cn=Tenants,cn=IdentityManager,cn=Services,$d1" -D "cn=administrator,cn=users,$d1" -W '(objectclass=vmwSTSIdentityStore)' userCertificate
Run the following command to see the certificates currently being presented by each LDAPS server (replace LDAPS_FQDN with the server's name):
echo -n | openssl s_client -connect LDAPS_FQDN:636 -showcerts
Compare the two outputs for each LDAPS server and ensure they are the same. Note that ldapsearch prints the stored certificate base64-encoded (userCertificate::) while openssl prints PEM blocks, so compare the decoded certificates, for example by fingerprint, rather than the raw text. If they differ, recreate the LDAP identity source in vCenter for the affected domain using the correct certificate.
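The comparison step above is easy to get wrong by eye, because the two commands print the same certificate in different encodings and the server may present a whole chain. The following script is an added example, not part of the original article or of any VMware tool: it parses the LDIF from the ldapsearch command (unfolding the continuation lines) and the PEM blocks from the openssl s_client -showcerts output, computes SHA-256 fingerprints over the DER bytes, and reports whether any certificate the server presents is one vCenter already has stored for that identity source. The command-line usage, file names and the sample data are assumptions of this example; the sample "certificate" is a constructed byte string, not a real X.509 certificate.

```python
"""Compare the LDAPS certificate(s) vCenter has stored for an identity source
with the certificate chain the LDAPS server is presenting right now.

Inputs are the outputs of the two commands in the article:
  * the LDIF printed by ldapsearch (userCertificate:: base64, folded lines)
  * the text printed by `openssl s_client -connect host:636 -showcerts`
"""
import base64
import hashlib
import re
import sys
from typing import Dict, List

# ldapsearch prints binary attributes base64-encoded after a double colon.
LDIF_CERT_ATTR = re.compile(r"^userCertificate(?:;binary)?::\s*(\S*)$", re.IGNORECASE)
# openssl s_client -showcerts prints each certificate of the chain as a PEM block, leaf first.
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def unfold_ldif(text: str) -> List[str]:
    """Undo LDIF line folding: a line beginning with one space continues the previous line."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def stored_certs(ldif_text: str) -> List[bytes]:
    """DER certificates from every userCertificate attribute in the ldapsearch output."""
    ders: List[bytes] = []
    for line in unfold_ldif(ldif_text):
        match = LDIF_CERT_ATTR.match(line)
        if match:
            ders.append(base64.b64decode(match.group(1)))
    return ders


def live_certs(s_client_text: str) -> List[bytes]:
    """DER certificates from every PEM block in the openssl s_client -showcerts output."""
    return [base64.b64decode("".join(body.split())) for body in PEM_BLOCK.findall(s_client_text)]


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, in the AA:BB:... form that openssl x509 -fingerprint -sha256 prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def compare(stored: List[bytes], live: List[bytes]) -> Dict[str, object]:
    """ok is True when at least one certificate the server presents (leaf or chain) is stored in vCenter."""
    stored_fps = {fingerprint(d) for d in stored}
    live_fps = [fingerprint(d) for d in live]
    matched = [fp for fp in live_fps if fp in stored_fps]
    return {"stored": sorted(stored_fps), "live": live_fps, "matched": matched, "ok": bool(matched)}


def fold_ldif(line: str, width: int = 76) -> str:
    """Fold one LDIF line the way ldapsearch does (RFC 2849: 76 columns, space continuation)."""
    parts = [line[:width]]
    pos = width
    while pos < len(line):
        parts.append(" " + line[pos:pos + width - 1])
        pos += width - 1
    return "\n".join(parts)


def to_pem(der: bytes) -> str:
    """Render DER bytes as a PEM CERTIFICATE block (64-column body)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample input, not a real certificate: an arbitrary DER-looking byte string,
# rendered once as ldapsearch would print it and once as openssl s_client would.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_LDIF = ("dn: cn=example-ad,cn=IdentityProviders\n"
               + fold_ldif("userCertificate:: " + base64.b64encode(SAMPLE_DER).decode()) + "\n")
SAMPLE_S_CLIENT = ("CONNECTED(00000003)\n---\nCertificate chain\n 0 s:CN=ldaps.example.test\n"
                   "   i:CN=Example Issuing CA\n" + to_pem(SAMPLE_DER) + "---\n")


def main(argv: List[str]) -> int:
    # Hypothetical CLI: python3 ldaps_cert_check.py stored.ldif live.txt
    if len(argv) != 3:
        print(f"usage: {argv[0]} <ldapsearch output> <openssl s_client -showcerts output>", file=sys.stderr)
        return 2
    with open(argv[1]) as stored_file, open(argv[2]) as live_file:
        result = compare(stored_certs(stored_file.read()), live_certs(live_file.read()))
    for label, key in (("stored in vCenter", "stored"), ("presented by server", "live")):
        print(f"{label}:")
        for fp in result[key]:  # type: ignore[union-attr]
            print(f"  {fp}")
    print("MATCH" if result["ok"] else "MISMATCH: recreate the identity source with the current certificate")
    return 0 if result["ok"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Save each command's output to a file and pass both files to the script; a non-zero exit means none of the certificates the server sent is stored for the identity source. One caveat: if the identity source was configured with the issuing CA's certificate rather than the server certificate, and the server does not include that CA in the chain it sends, the script reports a mismatch that needs manual confirmation against the CA certificate itself.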