Synchronize domain inventory failed on VMware Cloud Foundation 9.x due to host lockdown mode

Article ID: 426417

Updated On:

Products

VMware SDDC Manager / VCF Installer

VMware Cloud Foundation

Issue/Introduction

  • In the SDDC Manager UI, navigating to Security > Password Management reveals that the ESXi host status is Disconnected.
  • Password rotation or validation attempts for ESXi hosts fail.
  • The SDDC Manager log file /var/log/vmware/vcf/operationsmanager/operationsmanager.log contains the following exception: "Password validation cannot be performed when host xxxx.xxx.xx is in lockdown mode" 

Environment

VMware Cloud Foundation (VCF) 9.x

SDDC Manager 9.x

VMware vSphere ESXi 9.x

Cause

SDDC Manager cannot validate or rotate passwords for ESXi hosts when they are in Lockdown Mode. In this mode, external operations such as password management via SDDC Manager are restricted to prevent unauthorized access.

Resolution

To resolve the Disconnected status and enable password management, disable lockdown mode on the affected host:

  1. Identify the Affected Host:
    • Log in to SDDC Manager as a user with the Administrator role.
    • Navigate to Security > Password Management and locate the host showing the Disconnected status.
  2. Access Host Settings:
    • Log in to the vCenter Server managing the host.
    • Disable Lockdown Mode:
  3. Verify Status:
    • Return to the SDDC Manager UI and confirm the host status no longer shows as Disconnected.
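
The lockdown check and change described above can also be done from PowerCLI; this is an added example, not part of the original article. The function names and the sample host name are hypothetical, and it assumes VMware PowerCLI with an existing Connect-VIServer session to the vCenter Server managing the host.

```powershell
# Added example (not from the article). Assumes: Connect-VIServer already run
# against the vCenter Server that manages the affected ESXi hosts.

function Get-HostLockdownState {
    # Report lockdown mode and Exception Users for each matching host.
    param([string[]]$Name = '*')
    foreach ($h in Get-VMHost -Name $Name) {
        $am = Get-View -Id $h.ExtensionData.ConfigManager.HostAccessManager
        [pscustomobject]@{
            Host           = $h.Name
            # lockdownDisabled, lockdownNormal or lockdownStrict
            LockdownMode   = $am.LockdownMode
            ExceptionUsers = ($am.QueryLockdownExceptions() -join ', ')
        }
    }
}

function Disable-HostLockdown {
    # Disable lockdown mode on one host and return the mode it had before,
    # so the change can be recorded in the change ticket.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)

    $h  = Get-VMHost -Name $Name -ErrorAction Stop
    $am = Get-View -Id $h.ExtensionData.ConfigManager.HostAccessManager
    $previous = $am.LockdownMode

    # Skip the API call when the host is already out of lockdown mode.
    if ($previous -ne 'lockdownDisabled' -and
        $PSCmdlet.ShouldProcess($h.Name, 'Disable lockdown mode')) {
        $am.ChangeLockdownMode('lockdownDisabled')
    }
    [pscustomobject]@{ Host = $h.Name; PreviousMode = $previous }
}

# Usage (host name is a constructed placeholder):
#   Get-HostLockdownState | Where-Object LockdownMode -ne 'lockdownDisabled'
#   Disable-HostLockdown -Name 'esx01.example.invalid' -WhatIf
```

Running `Disable-HostLockdown` with `-WhatIf` first shows which host would be changed without altering it.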

Additional Information

Strict Lockdown Mode: In this mode, the DCUI service is stopped. If connection to vCenter is lost, the host becomes unavailable unless the ESXi Shell and SSH services are pre-enabled with defined Exception Users. If connection cannot be restored, a reinstallation of ESXi may be required.


Managing Passwords for VMware Cloud Foundation Components