Root password in SDDC Manager for ESXi hosts in Lockdown mode shows blank(--)


Article ID: 401130


Products

VMware SDDC Manager

Issue/Introduction

  • When the root password status of an ESXi host is checked on SDDC Manager's password management page, it appears as (--).
  • The service accounts, however, appear as Active.
  • SSH to the ESXi host works with the correct password.
  • Password operations such as rotate, remediate and update work as well.
  • SSH to the ESXi host from SDDC Manager with strict host key checking works as well:
    • ssh -o StrictHostKeyChecking=yes root@<EXAMPLE.COM>
  • Log snippets:
    • Operations Manager Logs:
      • <Timestamp> DEBUG [vcf_om,<ID>] [c.v.v.p.s.PasswordExpirationService,om-exec-2] Expiry retrieval status : UNKNOWN ,  Diagnostic message : {"errorCode":"PASSWORD_VALIDATE_RESOURCE_NOT_SUPPORTED","arguments":["ESXi_hostname"],"errorMessage":"Password validation cannot be performed when host <ESXi_hostname> is in lockdown mode.","referenceToken":"<TOKEN>"}
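
A triage sketch for the log snippet above, added here as an example and not VMware's own tooling: it parses Operations Manager log lines in the format shown and separates hosts whose UNKNOWN expiry status is explained by lockdown mode from those reporting another error code. The sample lines, hostnames, tokens and the CONSTRUCTED_OTHER_ERROR code are constructed for illustration.

```python
import json
import re

# Line format taken from the Operations Manager log snippet above.
LINE_RE = re.compile(
    r"PasswordExpirationService.*?Expiry retrieval status\s*:\s*(?P<status>\w+)\s*,"
    r"\s*Diagnostic message\s*:\s*(?P<diag>\{.*)$"
)
LOCKDOWN_CODE = "PASSWORD_VALIDATE_RESOURCE_NOT_SUPPORTED"

def classify_expiry_failures(lines):
    """Return (hosts blocked by lockdown mode, [(host, errorCode)] for other causes)."""
    lockdown, other = set(), []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("status") != "UNKNOWN":
            continue
        try:
            diag = json.loads(m.group("diag"))
        except json.JSONDecodeError:
            other.append(("<unparsed>", None))  # truncated or wrapped log line
            continue
        args = diag.get("arguments") or ["<unknown>"]
        if diag.get("errorCode") == LOCKDOWN_CODE:
            lockdown.add(args[0])  # set: repeated polls of one host count once
        else:
            other.append((args[0], diag.get("errorCode")))
    return sorted(lockdown), other

# Constructed sample input: timestamps, IDs, hostnames, tokens and the
# CONSTRUCTED_OTHER_ERROR code are made up for this example.
PREFIX = ("2025-01-01T00:00:00.000+0000 DEBUG [vcf_om,0000000000000000] "
          "[c.v.v.p.s.PasswordExpirationService,om-exec-2] "
          "Expiry retrieval status : UNKNOWN ,  Diagnostic message : ")

def _diag(code, host):  # constructed diagnostic JSON in the snippet's shape
    return json.dumps({"errorCode": code, "arguments": [host], "referenceToken": "TOKEN"})

SAMPLE_LOG = [
    PREFIX + _diag(LOCKDOWN_CODE, "esx01.example.com"),
    PREFIX + _diag(LOCKDOWN_CODE, "esx01.example.com"),
    PREFIX + _diag(LOCKDOWN_CODE, "esx02.example.com"),
    PREFIX + _diag("CONSTRUCTED_OTHER_ERROR", "esx03.example.com"),
    PREFIX + _diag(LOCKDOWN_CODE, "esx04.example.com")[:60],  # truncated line
    "2025-01-01T00:00:01.000+0000 INFO [vcf_om,0000000000000000] unrelated line",
]

if __name__ == "__main__":
    print(classify_expiry_failures(SAMPLE_LOG))
```

Hosts in the first list match the cause described in this article; entries in the second list have a different or unreadable diagnostic and need their own investigation.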

Environment

SDDC 4.x
SDDC 5.x
SDDC 9.x

Cause

  • This issue occurs if lockdown mode is enabled on the ESXi host.
  • When lockdown mode is enabled on an ESXi host, any operation using root user details is considered a NOT PERMITTED operation. Hence, validation of the current password for the root user cannot currently be done in a lockdown scenario.

Resolution

  • Workaround: Disable lockdown mode
