During a brownfield import in VMware Cloud Foundation (VCF) 9.x, the import workflow fails and displays the following error:
Error: Result status code from set datasource: 400
domainmanager.log will display the following error:
[yyyy-mm-dd hh:mm:ss,zzz] [CRITICAL] import_domain: Could not register extension in vCenter and create ESXi service accounts: (vmodl.fault.SecurityError) { dynamicType = <unset>, dynamicProperty = (vmodl.DynamicProperty) [], msg = 'Access to perform the operation was denied.', faultCause = <unset>, faultMessage = (vmodl.LocalizableMessage) [ (vmodl.LocalizableMessage) { dynamicType = <unset>, dynamicProperty = (vmodl.DynamicProperty) [], key = 'com.vmware.vim.AuthorizationManager.lockdownModeProtection', arg = (vmodl.KeyAnyValue) [], message = 'The operation breaks lockdown mode.' } ]}
VCF 9.x
This issue occurs because Lockdown Mode is enabled on the target ESXi hosts, which prevents the import workflow from creating the VCF service accounts.
To resolve this issue, temporarily disable Lockdown Mode on the affected ESXi hosts by following the steps in KB336894. Once disabled, you can successfully reattempt the brownfield import workflow.
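A read-only pre-check for the cause described above, as an added example that is not part of the original article or VMware's own tooling. It assumes VMware PowerCLI is installed and uses a placeholder vCenter name and output path; it lists each host's lockdown mode and saves it so the same mode can be set again once the import has completed.

```powershell
# Added example: read-only audit, it changes nothing on the hosts.
# Assumptions: VMware PowerCLI is installed; $VCenter and $OutFile are placeholders.
param(
    [string]$VCenter = 'vcenter.example.com',
    [string]$OutFile = '.\lockdown-state-before-import.csv'
)

Import-Module VMware.VimAutomation.Core -ErrorAction Stop
$conn = Connect-VIServer -Server $VCenter -Credential (Get-Credential) -ErrorAction Stop

try {
    $report = foreach ($vmhost in Get-VMHost -Server $conn | Sort-Object Name) {
        # HostConfigInfo.lockdownMode is lockdownDisabled, lockdownNormal or lockdownStrict.
        # Config can be empty for a disconnected host, so report that as 'unknown'.
        $config = $vmhost.ExtensionData.Config
        $mode = if ($config) { "$($config.LockdownMode)" } else { 'unknown' }

        [pscustomobject]@{
            Host            = $vmhost.Name
            ConnectionState = "$($vmhost.ConnectionState)"
            LockdownMode    = $mode
            # Anything other than lockdownDisabled needs attention before the import.
            NeedsAction     = ($mode -ne 'lockdownDisabled')
        }
    }

    # Keep the pre-change state so each host can be returned to its original mode.
    $report | Export-Csv -Path $OutFile -NoTypeInformation
    $report | Format-Table -AutoSize

    $flagged = @($report | Where-Object { $_.NeedsAction })
    if ($flagged.Count -gt 0) {
        Write-Warning ("{0} host(s) have Lockdown Mode enabled or could not be read: {1}" -f `
            $flagged.Count, ($flagged.Host -join ', '))
    }
}
finally {
    Disconnect-VIServer -Server $conn -Confirm:$false
}
```

Running the same script after the import and comparing it with the saved CSV shows which hosts still need Lockdown Mode set back to their recorded mode.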