When you click Sign In to Tanzu Mission Control (TMC) Self-Managed , you are redirected to your upstream IDP to Log in. 

NOTE - The first user to log in to your Tanzu Mission Control Self-Managed deployment must belong to the tmc:admin group.

VMware Tanzu Mission Control Self-Managed 

Tanzu Mission Control Self-Managed 

Multiple contour services are deployed in the cluster due to which TMC is not able to route the traffic to correct LoadBalancer. 

You will observe below error in "landing-service-server-xxxxx" pod running under "tmc-local" namespace. 

container: server (OLYMPUS_TANZU_TENANCY_ENDPOINT):443\", }. Err: connection error: desc = \"transport: Error while dialing: dial tcp: lookup $(OLYMPUS_TANZU_TENANCY_ENDPOINT): no such host\"","subcomponent":"grpc-runtime","time":"2025-01-21T12:43:32Z"} {"component":"server-serve-grpc","level":"warning","msg":"[core] [Channel #17 SubChannel #18] grpc: addrConn.createTransport failed to connect to {Addr: \"$(OLYMPUS_TANZU_TENANCY_ENDPOINT):443\", ServerName: \"$ 

Moreover, using wildcard certificate for your secrets (for example, *.<my_tmc_dns_zone>) can cause the error Fatal error loading application configuration when attempting to access the TMC console, and shows an HTTP 404 error in your browser, because the ingress redirects the URL incorrectly.

Make sure only single contour is deployed under "tmc-local" namespace in the cluster.

If using a wildcard certificate for your secrets (for example, *.<my_tmc_dns_zone>) , regenerate the secrets with dedicated certificate for each individual DNS, update the secrets, and then restart the corresponding service deployments and stateful sets.

For more information about these secrets, see the mapping section in Certificate rotation in Tanzu Mission Control Self-Managed.

https://techdocs.broadcom.com/us/en/vmware-tanzu/standalone-components/tanzu-mission-control/1-4/tanzu-mission-control-documentation/tanzumc-sm-install-config-prepare-cluster.html