vCenter patching fails due to incorrect nomenclature of wcp roles. This will lead to patching vCenter Server to 8.0.3 failing at 80% with error "Exception occurred in postInstallHook for wcp:Patch" as shown in below error screenshot:

In /var/log/vmware/applmgmt/PatchRunner.log : Notice the WCP role "CNS-Datastore",  "CNS-SEARCH-AND-SPBM" 

The failure is caused because privileges cannot be granted to, CNS-Datastore, as it doesn't exist. In the list of WCP roles in vSphere UI, it is incorrectly mentioned as "CNS Datastore". 

YYYY-MM-DDTHH:MM.MSSZ wcp:Patch INFO roles_groups_users Privileges to be assigned to role: [{'System.Anonymous', 'Datastore.AllocateSpace', 'Datastore.FileManagement', 'System.Read', 'System.View'}]. Privileges currently assigned to role: [{'System.Anonymous', 'Datastore.FileManagement', 'Datastore.AllocateSpace', 'System.Read', 'System.View'}]
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch INFO roles_groups_users No new privileges to grant to CNS-Datastore
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch INFO roles_groups_users Checking if privileges should be updated for role {'id': '1031', 'name': 'CNS-SUPERVISOR-SEARCH-AND-SPBM', 'description': 'Allows storage administrator to see Cloud Native Storage UI. ', 'priv_ids': ['System.Read', 'System.Anonymous', 'System.View', 'Cns.Searchable', 'StorageProfile.View']}
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch INFO roles_groups_users Privileges to be assigned to role: [{'System.Anonymous', 'System.Read', 'System.View', 'Cns.Searchable', 'StorageProfile.View'}]. Privileges currently assigned to role: [{'System.Anonymous', 'System.Read', 'System.View', 'Cns.Searchable', 'StorageProfile.View'}]
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch INFO roles_groups_users No new privileges to grant to CNS-SEARCH-AND-SPBM
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch INFO roles_groups_users No new privileges to grant to CNS-HOST-CONFIG-STORAGE-AND-CNS-VM
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch INFO roles_groups_users Successfully loaded authz roles, added 0 new roles
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch INFO roles_groups_users Checking if role names should be updated for CSI role {'id': '1090', 'name': 'CNS-SUPERVISOR-DATASTORE', 'description': 'Allows performing read, write, delete, and rename operations in the datastore browser. ', 'priv_ids': ['System.Read', 'System.Anonymous', 'System.View', 'Datastore.AllocateSpace', 'Datastore.FileManagement']}
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch ERROR wcp Failed to apply patch %s! Error: %s.
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch ERROR wcp Not all patches were applied. Latest applied patch is 1
YYYY-MM-DDTHH:MM.MSSZ wcp:Patch ERROR vmware_b2b.patching.executor.hook_executor Patch hook 'wcp:Patch' failed.
....
patch_errors.ComponentError
2026-02-06T00:08:14.984Z WARNING root stopping status aggregation...
2026-02-06T00:08:14.985Z ERROR __main__ Patch vCSA failed

The expected role is present and built for use by the WCP service on vCenter, but is named incorrectly in VMDIR. The most common presentation of incorrect naming appears when users in VMDIR have spaces in their name:

CNS DATASTORE in place of CNS-DATASTORE

or CNS SUPERVISOR HOST CONFIG STORAGE AND CNS VM in place of CNS-SUPERVISOR-HOST-CONFIG-STORAGE-AND-CNS-VM

Process to identify spacing in Roles in VMDIR :

/opt/likewise/bin/ldapsearch -v -h localhost -p 389 -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'SSO_PASSWORD' -b "dc=vsphere,dc=local" -s sub | grep vmwAuthzRoleName

Expected output:

vmwAuthzRoleName: CNS Datastore
vmwAuthzRoleName: CNS SEARCH AND SPBM

==========

When vCenter Server is integrated with Vanilla CSI+Kubernetes, refer to the following Patching vCenter Server to 8.0 U3 fails at 80% and 95% with error "Exception occurred in postInstallHook for wcp:Patch"