There is a known-issue (KB article) where a tenant can lose connectivity to the identity store and prevent vCAC from working properly. It is a major pain if you encounter the issue within your environment and led me to spend several hours trying to fix within my own vCAC environment that is acting as the self-service portal for Hadoop-as-a-Service.
The first thing to note is that the KB article insists this will fix the issue immediately. That was not my experience. In fact, after going through the commands of the KB article, my environment still failed to connect to the Active Directory identity store and I had to open a support case with VMware to further address the problem. Ironically the first suggestion from the support personal was to re-execute the commands an additional time. Since I had already done so twice, I was flippant in thinking it would change the result, but sure enough going through the command set an additional time (3rd in this case) resolved the issue for my environment.
For reference purposes, here is the KB article from VMware:
