The vCenter Server Appliance (VCSA) root account password has expired at the OS level. This expiration breaks the communication link between the SDDC Manager and the vCenter Server, resulting in a Disconnected status within the SDDC Manager Password Management interface. While existing vCenter services remain operational, administrative lifecycle management tasks are blocked.

Impact:

SDDC Manager cannot rotate or manage credentials for the affected workload domain, preventing routine maintenance, automated patching, and security compliance updates.

VMware Cloud Foundation 

SDDC Manager 

This behavior is expected when password rotation policies are enforced at the Appliance OS level. When the root password expires locally on the VCSA, the credentials stored in the SDDC Manager database become invalid. Consequently, the SDDC Manager loses the ability to authenticate, breaking the synchronization and management chain.

Step 1: Reset the vCenter Root Password

Before the SDDC Manager can be synchronized, the password must be manually updated on the appliance itself.

• Action: Log in to the VCSA via the Console or SSH (if permitted) to reset the password.
• Reference: Reset vCenter Server Appliance root password

Step 2: Remediate in SDDC Manager

Once the password is functional on the VCSA, the SDDC Manager database must be updated to match.

1. Log in to the SDDC Manager Dashboard.
2. Navigate to  Inventory > Password Management.
3. Locate the affected vCenter account in the list.
4. Click the Ellipsis (...) (three dots) next to the account and select Remediate.
5. Input the New Password established in Step 1.
6. Click Save.

Step 3: Verify Status

• Ensure the account status transitions from Disconnected to Active.
• Perform a test rotation or validation check to ensure the communication link is fully restored.

Note: If the Management domain vCenter root password expires, the SDDC Manager GUI will become inaccessible.