TMC-SM installation pre-check error "certificate relies on legacy Common Name field, use SANs instead"


Article ID: 419055

Products

VMware Tanzu Mission Control

Issue/Introduction

  • TMC SM deployment pre-check fails with:

INF [FAILED ] STEP 01/13 [Pre-check install configurations]

ERR error running pre-check verification: Pre-check failed

INF THE OPERATION IS FAILED

ERR Failed to install TMC-SM error="install execution error: step pre-check install configurations running error: error running pre-check verification: Pre-check failed"

  • The pre-check results show an ERROR with:

failed to connect to server: LDAP Result Code 200 "Network Error": tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead

Cause

TMC SM requires the Active Directory Domain Controller's LDAPS certificate to comply with modern security standards.

Certificate validation fails because the certificate identifies the server only through the legacy Common Name (CN) field and does not include the server's FQDN in the required Subject Alternative Name (SAN) extension, so the TLS handshake is rejected.

Resolution

Ensure that Domain Controllers are configured with LDAPS certificates that include the server's Fully Qualified Domain Name (FQDN) in the Subject Alternative Name (SAN) field.

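Query the SAN of the LDAPS server's certificate by running the following command on any Linux machine (such as TMC SM or vCenter Server). Redirecting standard input from /dev/null makes s_client exit after the handshake instead of waiting for input:

openssl s_client -connect <Active_Directory_FQDN>:636 </dev/null 2>/dev/null | openssl x509 -noout -text | grep -A 1 'Subject Alternative Name'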