Configuring Identity Provider on the vCenter fails with: "Could not create indirect identity provider: Failed to read from HVC Settings Store WS1 namespace"

Article ID: 312126

Products

VMware vCenter Server

Issue/Introduction

  • The issue is observed after upgrading the RDU VC from version 8.0 GA / 7.0 to version 8.0 U2.
  • While trying to configure Azure AD as the identity provider, the UI fails with the error: "Could not create indirect identity provider: Failed to read from HVC Settings Store WS1 namespace"
  • The log on the vCenter Server, /var/log/vmware/trustmanagement/trustmanagement-svcs.log, shows:

YYYY-MM-DDTHH:MM:SS.949-04:00 [pool-3-thread-1 [] WARN  com.vmware.vcenter.trustmanagement.vapi.util.VapiClientConnection  opId=] Caught exception invoking stub type interface com.vmware.vcenter.settings.namespaces.Items. Marking connection invalid so that it can be re-established. Exception was: NotFound (com.vmware.vapi.std.errors.not_found) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
    id = items.invalid.namespace,
    defaultMessage = Invalid namespace: ws1,
    args = [],
    params = <null>,
    localized = <null>
}],
    data = <null>,
    errorType = NOT_FOUND
}
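
One way to confirm that an appliance shows this exact log signature before applying the workaround (an added example, not part of the article or the attached script; the function names and the sample log lines are constructed for illustration):

```shell
#!/bin/sh
# Added example: not part of the KB article or the attached fix script.
# Log path as given in the article.
LOG=/var/log/vmware/trustmanagement/trustmanagement-svcs.log

# Print the timestamp of each Items-stub exception whose body reports
# "Invalid namespace: ws1". Exit status 0 if at least one is found.
hvc_ws1_hits() {
    awk '
        /Caught exception invoking stub type interface com\.vmware\.vcenter\.settings\.namespaces\.Items\./ {
            ts = $1; in_block = 1; id_seen = 0; next
        }
        in_block && /id = items\.invalid\.namespace,/ { id_seen = 1 }
        in_block && id_seen && /defaultMessage = Invalid namespace: ws1,/ {
            print ts; hits++; in_block = 0
        }
        /^}$/ { in_block = 0 }   # closing brace of the exception body
        END { exit (hits ? 0 : 1) }
    ' "${1:-$LOG}"
}

# Constructed sample (timestamps and the second namespace are invented).
sample_log() {
    cat <<'EOF'
2024-01-15T10:12:03.949-04:00 [pool-3-thread-1 [] WARN  com.vmware.vcenter.trustmanagement.vapi.util.VapiClientConnection  opId=] Caught exception invoking stub type interface com.vmware.vcenter.settings.namespaces.Items. Marking connection invalid so that it can be re-established. Exception was: NotFound (com.vmware.vapi.std.errors.not_found) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
    id = items.invalid.namespace,
    defaultMessage = Invalid namespace: ws1,
    args = [],
}],
    errorType = NOT_FOUND
}
2024-01-15T10:14:41.120-04:00 [pool-3-thread-2 [] WARN  ... Caught exception invoking stub type interface com.vmware.vcenter.settings.namespaces.Items. Marking connection invalid so that it can be re-established. Exception was: NotFound (com.vmware.vapi.std.errors.not_found) => {
    id = items.invalid.namespace,
    defaultMessage = Invalid namespace: example,
}
EOF
}

# Demo on the constructed sample; on an appliance, call hvc_ws1_hits
# with no argument to read the log path above.
demo=$(mktemp)
sample_log > "$demo"
hvc_ws1_hits "$demo" && echo "log matches the ws1 namespace symptom"
rm -f "$demo"
```

A non-zero exit status means the log does not contain the signature, so the configuration failure may have a different cause than the one this article covers.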

Environment

VMware vCenter Server 8.0.2
VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x

Cause

This issue occurs because the Identity Provider configuration is only partially imported during the VCSA upgrade when the Reduced Downtime Upgrade (RDU) methodology is used.

Resolution

The issue is resolved in vCenter Server 8.0U2b Build 23319993.

Note: Ensure there is a valid backup/offline snapshot of the VCSA prior to implementing the workaround. Refer to VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice.

As a workaround, perform the following steps:

  • Log in to the vCenter Server via SSH.
  • Download the script fix-hvc-ws1-read-error.sh attached to the article.
  • Copy the script to the /tmp directory using SCP. In case of connection errors, refer to Toggling the vCenter Server Appliance default shell.
  • Navigate to the /tmp folder and execute the script:

        cd /tmp
        chmod +x /tmp/fix-hvc-ws1-read-error.sh
        ./fix-hvc-ws1-read-error.sh

  • Once the script has been executed successfully, proceed with configuring the identity provider.

Attachments

fix-hvc-ws1-read-error.sh