This article provides the steps to retrieve the ESXi service accounts from SDDC Manager.

Symptoms:
Unable to SSH into an ESXi host with the stored root credentials on SDDC.

VMware Cloud Foundation 4.x

1.SSH into the SDDC Manager
2.Elevate to root with su
3.Create a token on the SDDC Manager. (You will need to update the password value)

TOKEN=$(curl -d '{"username" : [email protected], "password" : "updatepassword"}' -H "Content-Type: application/json" -X POST http://127.0.0.1/v1/tokens | jq -r '.accessToken')

4.Pull the credentials from SDDC.

curl -k -X GET -H "Authorization: Bearer "$TOKEN"" --insecure 'https://localhost/v1/system/credentials/service' | json_pp | less

5.Record the service name and the password from the output.
   {
      "serviceType" : "SDDC_MANAGER",
      "entityId" : "91894bc0-eac5-4707-98fe-a2f2a4678251",
      "username" : "svc-vcf-esxi-02",
      "id" : "688d8117-a4d3-4b41-8ec4-6c302a61ad5e",
      "entityType" : "ESXI",
      "targetType" : "ESXI",
      "serviceId" : "2f7a158d-e299-4793-b294-9e3c0c0dcb79",
      "secret" : "p#8I^4M2$xDdBwF6*a7G",
      "credentialType" : "SSH",
      "creationTime" : 1652959021796,
      "modificationTime" : 1652959021796

Once you have the service account password you can connect to the ESXi host to clear out a root lockout or to reset the root password.