The test connection button was working for me with "reuse session" but I was getting "LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection" and "Failed to serialize response" when I actually said to use that configuration.
Error messages were in /var/log/vmware/sso/ssoAdminServer.log
vCSA and working for me:
Primary server URL:
Base DN for users:
<Only the domain, no other DN/OUs> DC=ad,DC=company,DC=com
Base DN for groups:
<same as users>
cert (*.cer) created for me from the FQDN AD/GC server listed in Primary server URL.
(VMware KB pointing to MS KB)
Created a "service account" user to connect.
The client needs the full ad.company.com\user, not the shorthand domain, to get in.
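
A triage helper for the error quoted above, added here as an example and not part of the original post: it parses Active Directory LDAP error strings out of log lines and picks out binds rejected with result code 8 (strongerAuthRequired), which is the case that the LDAPS configuration above resolves. The function names and the timestamp/level prefix of the sample lines are assumptions; only the error text itself comes from the post.

```python
import re

# LDAP result codes (RFC 4511) that matter when triaging bind failures.
LDAP_RESULT = {8: "strongerAuthRequired", 49: "invalidCredentials"}

# Shape of the AD error string:
# "LDAP: error code N - XXXXXXXX: LdapErr: DSID-..., comment: ..."
AD_ERR = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*)"
)

def parse_ad_ldap_error(line):
    """Return the fields of an AD LDAP error found in line, or None."""
    m = AD_ERR.search(line)
    if not m:
        return None
    code = int(m.group("code"))
    return {
        "result_code": code,
        "result_name": LDAP_RESULT.get(code, "other"),
        "win32_error": int(m.group("win32"), 16),  # hex field before "LdapErr"
        "dsid": m.group("dsid"),
        "comment": m.group("comment").strip(),
    }

def signing_rejections(lines):
    """Errors where the DC refused a bind that had neither signing nor TLS."""
    hits = []
    for line in lines:
        err = parse_ad_ldap_error(line)
        if err and err["result_code"] == 8:
            hits.append(err)
    return hits

# Constructed sample lines; the prefix layout is assumed, not copied from a real log.
SAMPLE_LOG = [
    "2024-01-01T10:00:00 INFO identity source test started",
    "2024-01-01T10:00:01 ERROR LDAP: error code 8 - 00002028: LdapErr: "
    "DSID-0C0901FC, comment: The server requires binds to turn on integrity "
    "checking if SSL\\TLS are not already active on the connection",
    "2024-01-01T10:00:02 ERROR Failed to serialize response",
]

if __name__ == "__main__":
    for hit in signing_rejections(SAMPLE_LOG):
        print(hit["result_name"], hex(hit["win32_error"]), hit["dsid"])
```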