Cannot configure identity source due to “Type or value exists” error.
[YYYY-MM-DDTHH:MM:SS] [ERROR] http-nio-5090-exec-345 c.v.v.c.sso.admin.impl.IdentitySourceDomainManagementService Error adding LDAP domains : Type or value exists com.vmware.vim.binding.sso.fault.InternalFault: Type or value exists
at sun.reflect.GeneratedConstructorAccessor1138.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at com.vmware.vim.vmomi.core.types.impl.ComplexTypeImpl.newInstance(ComplexTypeImpl.java:174)
at com.vmware.vim.vmomi.core.types.impl.DefaultDataObjectFactory.newDataObject(DefaultDataObjectFactory.java:25)
vCenter Server 7.0
vCenter Server 8.0
To configure AD over LDAPS, you must provide the certificates used by the respective domain controllers (for example, the primary server certificate and the secondary server certificate used for LDAPS).
This issue occurs when the certificate file contains each domain controller's name or IP address in the subject alternative name (subjectAltName) field of the certificate, or when the same certificate is present on multiple domain controllers (primary and secondary server).
To work around this issue, provide both LDAP server URLs (primary and secondary server URL) in the “Edit Identity Source” screen, but provide only a single certificate file when browsing for the certificate.
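One way to check, before browsing for the certificates, whether the primary and secondary certificate files hold the same certificate. This is an added example, not VMware code or part of the original article; the file names `dc1.cer` and `dc2.cer` and the placeholder certificate bytes are constructed, and each file is assumed to hold a single PEM certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprint(pem_text):
    """SHA-256 of the DER bytes, so line wrapping and CRLF do not matter."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()))
    return hashlib.sha256(der).hexdigest()


def plan_upload(cert_files):
    """Return (files to upload, {skipped file: file it duplicates})."""
    first_seen, upload, skipped = {}, [], {}
    for name, pem_text in cert_files.items():
        fp = fingerprint(pem_text)
        if fp in first_seen:
            skipped[name] = first_seen[fp]
        else:
            first_seen[fp] = name
            upload.append(name)
    return upload, skipped


def make_pem(der, width=64, eol="\n"):
    """Build a PEM block for the constructed samples below."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return eol.join(["-----BEGIN CERTIFICATE-----", *lines,
                     "-----END CERTIFICATE-----", ""])


# Constructed placeholder bytes, not real X.509 certificates.
SHARED = b"placeholder for the certificate both domain controllers use " * 4
OTHER = b"placeholder for a certificate used by one domain controller " * 4
# Same certificate exported twice with different line length and line endings.
SAMPLE = {"dc1.cer": make_pem(SHARED), "dc2.cer": make_pem(SHARED, 76, "\r\n")}

if __name__ == "__main__":
    upload, skipped = plan_upload(SAMPLE)
    print("upload:", ", ".join(upload))
    for name, same_as in skipped.items():
        print(f"skip {name}: same certificate as {same_as}")
```

Comparing fingerprints of the decoded bytes rather than the files themselves catches the case where both domain controllers exported the same certificate with different line wrapping or line endings.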
KB article with steps to configure an Identity Source in vCenter Single Sign-On (SSO): Configuring a vCenter Single Sign-On Identity Source using LDAP with SSL (LDAPS)