• Unable to login to vCenter Server using domain account credentials and the following error is received on the UI: 
  

  An error occurred while fetching identity providers. Please try again later. If the problem persists, contact your administrator

• The embedded identity source does not populate correctly in vCenter UI under Administration > Configuration > Identity Provider

The issue happens because of vmware-trustmanagement service down due to a race condition during the service startup sequence. 

The same can be confirmed by running the following command on the vCenter Server's SSH: 

service-control --status --all

This issue is fixed in vCenter version 9.0.2.0.

To prevent the race condition from happening in vCenter versions 9.0.0 and 9.0.1, perform the following commands:

cp /usr/lib/vmware/site-packages/cis/svcaccount_prestart_util.py /root/svcaccount_prestart_util.py.backup

sed -i "s/AUTHZ_OPERATIONS_NOT_SUPPORTED_SVCACCOUNTS = \['sts', 'serviceaccountmgmt', 'vpxd-svcs-user', 'cis-license'\]/AUTHZ_OPERATIONS_NOT_SUPPORTED_SVCACCOUNTS = \['lookupsvc', 'trustmanagement', 'sts', 'serviceaccountmgmt', 'vpxd-svcs-user', 'cis-license'\]/" /usr/lib/vmware/site-packages/cis/svcaccount_prestart_util.py

service-control --stop --all && service-control --start --all

Should anything fail to operate as expected, you can roll back this change by performing the following commands:

cp /root/svcaccount_prestart_util.py.backup /usr/lib/vmware/site-packages/cis/svcaccount_prestart_util.py

service-control --stop --all && service-control --start --all

This can occur 90 days after the vCenter Server is deployed. The issue comes from a race condition affecting trustmanagement, sts, and lookupsvc services during an occurrence of internal service account rotations.