When adding an Active Directory identity source using LDAP or LDAPS on the vCenter Server Appliance, the following error may appear during the provider connectivity probe:
- Cannot configure identity source due to Failed to probe provider connectivity [URI: ldaps://<LDAP Server FQDN or IP>]
Caused by: Can't contact LDAP server
VMware vCenter Server 8.x
The LDAP server does not respond to the TCP SYN packets that vCenter sends to the configured LDAP or LDAPS port (typically 389 or 636), so the TCP handshake never completes and the identity source cannot be probed.
- Verify network connectivity between vCenter and the LDAP server on the required LDAP or LDAPS ports.
- Confirm routing between the vCenter network and the LDAP server network.
- Review firewall rules to ensure TCP port 389, 636, or any custom LDAP or LDAPS port in use is allowed.
- Verify that the LDAP server is listening on the expected port and accepting connections.
- Use a packet capture on vCenter to validate traffic flow. Example: tcpdump -i eth0 -n host <LDAP_FQDN / IP> and port <port#>
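The following added check script (not part of the original article) walks the first four steps from the vCenter shell and tells a silent SYN drop apart from an immediate reject, which is the distinction the packet capture would otherwise have to make. It assumes bash, coreutils `timeout` and `getent` are available, as they are on the vCenter Server Appliance, and it takes the LDAP FQDN/IP and port as arguments.

```shell
#!/bin/sh
# Probe LDAP/LDAPS reachability the way the vCenter identity-source probe does:
# resolve the name, then attempt a TCP handshake on the configured port.
# Prints one token and returns a distinct exit code per outcome.

ldap_connectivity_check() {
    host="$1"
    port="$2"
    wait_s="${3:-5}"   # seconds to wait for SYN-ACK before treating the path as filtered

    # Step 1: name resolution (IP literals skip the lookup).
    if ! printf '%s' "$host" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        if ! timeout "$wait_s" getent hosts "$host" >/dev/null 2>&1; then
            echo "DNS_FAIL"      # vCenter cannot resolve the LDAP server name
            return 2
        fi
    fi

    # Step 2: TCP handshake using bash's /dev/tcp; no data is sent to the server.
    timeout "$wait_s" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
    rc=$?
    case "$rc" in
        0)   echo "TCP_OPEN";     return 0 ;;   # handshake completed: port reachable and listening
        124) echo "SYN_NO_REPLY"; return 1 ;;   # no SYN-ACK or RST within wait: dropped on path (firewall/routing)
        *)   echo "TCP_REJECTED"; return 3 ;;   # RST or ICMP unreachable: host answered but nothing listens, or no route
    esac
}

# Usage from the vCenter shell, e.g.: ldap_connectivity_check dc01.corp.example 636
# (dc01.corp.example is a constructed placeholder, not a value from the article)
if [ -n "$1" ] && [ -n "$2" ]; then
    ldap_connectivity_check "$1" "$2"
fi
```

SYN_NO_REPLY matches the cause above and points at firewall or routing; TCP_REJECTED means the path is fine but the LDAP service is not listening on that port.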