• Deployment of vSphere with Tanzu fails almost immediately.
• Create Resource Pool and Delete Resource Pool tasks fail. They are repeated in the vCenter's tasks and events bar.
• The following entries are found in the vCenter WCP Services log - /var/log/vmware/wcp/wcpsvc.log
  
  YYYY-MM-DDTHH:MM:SS.sssZ warning wcp [opID=XXXXXXX-domain-XX] Unable to create root entities in vCenter for domain-XX. Err soap.soapFaultError:ServerFaultCode: The user or group named 'vpxd-extension-######-####-####-####-######' does not exist.

YYYY-MM-DDTHH:MM:SS.sssZ error wcp [opID=XXXXXXX-domain-XX] Could not set read-only permissions on entity ResourcePool:resgroup-XXXXX.

This is due to a missing localos identity source.

To validate if the localos is missing, perform the following:

1. SSH to the vCenter using root credentials.
2. Run the command:
   
   sso-config.sh -get_identity_sources
   
   
3. Output should contain:
   
   ********** IDENTITY SOURCE INFORMATION **********
IdentitySourceName : localos
DomainType : LOCAL_OS_DOMAIN

Note: Make sure to take powered off snapshots of all vCenter's before running the below steps as it will make edits to the vmdir database.

1. Stop the vpxd service:
   
   service-control --stop vpxd
service-control --stop vpxd-svcs
   
   
2. Create the localos identity source:
   
   sso-config.sh -add_identity_source -type 'localos' -i 'localos'
   
   
3. Confirm that the localos identity source has been created:
   
   sso-config.sh -get_identity_sources

Example Output
   
********** IDENTITY SOURCE INFORMATION **********
   
   IdentitySourceName        :  localos
   DomainType                :  LOCAL_OS_DOMAIN
   
   
4. Start the vpxd services:

service-control --start vpxd
service-control --start vpxd-svcs
   
   
5. Retry the workload management enablement.