Unable to setup Azure AD with error "Could not create indirect identity provider: VMware Identity services unavailable."
Symptoms:
vCenter was patched using the RDU workflow from 8.x to 8.0 U2.
The following entries are logged in /var/log/vmware/trustmanagement/trustmanagement-svcs.log:
2023-09-26T18:58:27.699Z [tomcat-exec-1 [] INFO com.vmware.vcenter.trustmanagement.authbroker.BrokerClient opId=] API request GET_CLIENT_CREDENTIALS_TOKEN to url http://localhost:1080/external-vecs/http1/vcenterFQDN/443/acs/t/HWS/token returned unexpected response code 400 and the following error information: {"error":"server_error","error_description":"Unable to generate the Token."}
2023-09-26T18:58:27.699Z [tomcat-exec-1 [] ERROR com.vmware.vcenter.trustmanagement.authbroker.BrokerClient opId=] VMware Identity services unavailable
2023-09-26T18:58:27.699Z [tomcat-exec-1 [] ERROR com.vmware.vcenter.trustmanagement.migration.IdpReplacer opId=] Failed to create Auth Broker IDP
com.vmware.vcenter.trustmanagement.authbroker.BrokerException: VMware Identity services unavailable
Note: This failure can also occur during a multi-step upgrade from 8.0 U1 to 8.0 U2 to 8.0 U2x.
Cause:
The vc-ws1a-broker service configuration files are lost during the RDU upgrade, which leaves the vc-ws1a-broker service in a broken state.
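To confirm that a vCenter shows this exact signature before running the workaround, the following triage script, added here as an example (it is not part of this article and is not VMware's attached recover_ws1b.sh), parses trustmanagement-svcs.log lines of the format shown above. The sample lines are copied from the excerpt; treating the BrokerException line as a timestamp-less continuation line is an assumption.

```python
import json
import re
from typing import Dict, List, Optional

# trustmanagement-svcs.log line shape: <timestamp> [<thread> [] <LEVEL> <logger> opId=] <message>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[(?P<thread>\S+) \[\] (?P<level>[A-Z]+) (?P<logger>\S+) opId=\] (?P<msg>.*)$"
)
# The failing call: GET_CLIENT_CREDENTIALS_TOKEN against the local broker token endpoint
TOKEN_RE = re.compile(
    r"GET_CLIENT_CREDENTIALS_TOKEN to url (?P<url>\S+/acs/t/HWS/token) "
    r"returned unexpected response code (?P<code>\d+) .*?: (?P<body>\{.*\})$"
)
UNAVAILABLE = "VMware Identity services unavailable"
# Constructed sample copied from the article's excerpt; the BrokerException line is assumed
# to be a continuation line (no timestamp), as Java loggers print exceptions.
SAMPLE_LOG = [
    '2023-09-26T18:58:27.699Z [tomcat-exec-1 [] INFO com.vmware.vcenter.trustmanagement.authbroker.BrokerClient opId=] API request GET_CLIENT_CREDENTIALS_TOKEN to url http://localhost:1080/external-vecs/http1/vcenterFQDN/443/acs/t/HWS/token returned unexpected response code 400 and the following error information: {"error":"server_error","error_description":"Unable to generate the Token."}',
    "2023-09-26T18:58:27.699Z [tomcat-exec-1 [] ERROR com.vmware.vcenter.trustmanagement.authbroker.BrokerClient opId=] VMware Identity services unavailable",
    "2023-09-26T18:58:27.699Z [tomcat-exec-1 [] ERROR com.vmware.vcenter.trustmanagement.migration.IdpReplacer opId=] Failed to create Auth Broker IDP",
    "com.vmware.vcenter.trustmanagement.authbroker.BrokerException: VMware Identity services unavailable",
]

def parse_line(line: str) -> Optional[Dict[str, str]]:
    # Continuation/stack-trace lines have no timestamp prefix and yield None
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def check_broker_failure(lines: List[str]) -> Dict[str, object]:
    """Look for the three-part signature of the post-RDU vc-ws1a-broker failure."""
    found: Dict[str, object] = {"token_endpoint_400": False, "token_error": None,
                                "identity_unavailable": False, "idp_create_failed": False}
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        tm = TOKEN_RE.search(rec["msg"])
        if tm and tm.group("code") == "400" and rec["logger"].endswith(".BrokerClient"):
            found["token_endpoint_400"] = True
            try:  # body is JSON from the broker; keep raw text if it is ever malformed
                found["token_error"] = json.loads(tm.group("body")).get("error_description")
            except json.JSONDecodeError:
                found["token_error"] = tm.group("body")
        elif rec["level"] == "ERROR" and rec["logger"].endswith(".BrokerClient") and UNAVAILABLE in rec["msg"]:
            found["identity_unavailable"] = True
        elif rec["level"] == "ERROR" and rec["logger"].endswith(".IdpReplacer") and "Failed to create" in rec["msg"]:
            found["idp_create_failed"] = True
    found["matches_kb"] = bool(found["token_endpoint_400"] and found["identity_unavailable"] and found["idp_create_failed"])
    return found
```

Only all three findings together match this article; a lone 400 from the token endpoint may have another cause, so the script reports them separately. Run it over the real file with `check_broker_failure(open(path).readlines())`.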
Workaround:
Run the attached shell script, recover_ws1b.sh, to restore the ability to configure an external Identity Provider:
bash recover_ws1b.sh <Admin user> <Admin password> <External IDP Client secret>
Impact:
Unable to configure Okta or Azure AD (Entra ID) identity providers.