Thanks for your reply.
Since no one had answered, I ended up removing and reinstalling the vCenter appliance. Something in the SSO config was referencing an old IP address. The problem definitely wasn't DNS/AD related. I wonder if re-running the setup wizard could have solved it, but in this case a complete reinstall did the trick.