Active Directory users unable to authenticate after vCenter is renamed
Article ID: 430580

Products

VMware vCenter Server

Issue/Introduction

  • Active Directory (AD) users are not able to log in to vCenter Server.
  • Login attempts fail with errors such as: Invalid Credentials, Bad Username or Password.
  • vCenter Server was previously joined to the AD domain and users could log in.
  • vCenter Server has recently had its FQDN changed.

Environment

vCenter joined to Active Directory

Cause

Joining the domain creates a trust relationship between the domain and the computer account, based on the machine ID, hostname, and IP address. Changing the machine's name breaks that trust relationship, so AD authentication through the identity source stops working.

Resolution

The resolution is to rejoin the Active Directory domain.

Before you can leave and rejoin the domain, you must first remove any Single Sign-On (SSO) identity sources that use that domain.

  1. Take a backup of your vCenter Server.
  2. Take a snapshot of your vCenter Server.
  3. Take a screenshot of your SSO identity source settings so they can be recreated later.
  4. Remove any SSO identity sources tied to the same domain.
  5. Leave the domain.
  6. Remove the machine/computer account from Active Directory if it is not removed automatically.
  7. Reboot vCenter Server.
  8. Rejoin the domain.
  9. Reboot vCenter Server.
  10. Reconfigure your SSO identity source.
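Step 6 is the one most often skipped: after the rename, the computer account created at join time still carries the old hostname in its DNSHostName attribute and its HOST/ service principal names, and a stale account can make the later rejoin fail or pick up the wrong object. The following PowerShell script is an added example and is not part of this article or of any VMware tooling. It assumes the RSAT ActiveDirectory module is available, that you run it as an account permitted to read and delete computer objects, and that you know the old and new vCenter FQDNs; the placeholder names in the comments are assumptions.

```powershell
# Added example (not from the KB): locate the computer account a renamed
# vCenter Server left behind in Active Directory and optionally remove it.
# Runs in report-only mode unless -Remove is supplied.
param(
    [Parameter(Mandatory)] [string]$OldFqdn,   # placeholder, e.g. vcsa-old.corp.example
    [Parameter(Mandatory)] [string]$NewFqdn,   # placeholder, e.g. vcsa-new.corp.example
    [switch]$Remove                             # delete the stale account after confirmation
)

Import-Module ActiveDirectory

# The computer object is named after the short host name that was current at
# join time; DNSHostName and the SPNs record the FQDN from that moment.
$oldHost = ($OldFqdn -split '\.')[0]
$acct = Get-ADComputer -Filter "Name -eq '$oldHost'" `
    -Properties DNSHostName, ServicePrincipalName, LastLogonDate, Enabled

if (-not $acct) {
    Write-Host "No computer account named '$oldHost' found; nothing to clean up."
    return
}

# An account is stale when its recorded DNS name no longer matches the
# appliance's current FQDN; list any SPNs that still reference the old name.
$dnsMismatch = $acct.DNSHostName -ne $NewFqdn
$oldSpns = @($acct.ServicePrincipalName | Where-Object { $_ -like "*/$OldFqdn" })

[pscustomobject]@{
    Account        = $acct.DistinguishedName
    DNSHostName    = $acct.DNSHostName
    CurrentFqdn    = $NewFqdn
    DnsMismatch    = $dnsMismatch
    StaleSpnCount  = $oldSpns.Count
    LastLogonDate  = $acct.LastLogonDate
    Enabled        = $acct.Enabled
} | Format-List

if (-not $dnsMismatch) {
    Write-Host "DNSHostName already matches '$NewFqdn'; leave the account in place."
    return
}

if ($Remove) {
    # Remove-ADComputer prompts for confirmation; the rejoin (step 8) will
    # create a fresh account with the new name.
    Remove-ADComputer -Identity $acct.DistinguishedName -Confirm:$true
    Write-Host "Removed stale computer account for '$OldFqdn'."
} else {
    Write-Host "Stale account found. Re-run with -Remove to delete it before rejoining."
}
```

Run it once without -Remove after step 5 to confirm the leftover account is really the old vCenter object (check the distinguished name and LastLogonDate before deleting anything), then with -Remove, and only then continue with the reboot and rejoin. If several objects share the short name across OUs, refine the -Filter with the expected OU or SearchBase rather than removing them all.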

Additional Information

These instructions apply to standalone vCenter Servers. vCenter Servers in Enhanced Linked Mode (ELM) may require additional considerations and steps; if you have vCenter Servers in ELM mode, open a ticket with Broadcom before continuing.

See the tech docs "Join or Leave an Active Directory Domain" and "Add or Edit a vCenter Single Sign-On Identity Source".