Hi Jan. I think it may be due to the issue described under APARIJ31531 (VMware SSO expects only FQDN and you need to put an IP of the vCenter instance). Last time I checked on https://www.ibm.com/community/qradar/home/apars/ this APAR was still shown as OPEN.
I recall hitting a similar issue last year in my lab. However, some time afterwards it started working. I have vCenter's FQDN as log source identifier and I made sure that the forward and reverse DNS queries from my QRadar instance work properly.