Lockdown mode has been enabled directly on the Direct Console User Interface (DCUI) of the ESXi host, instead of enabling it through vCenter Server.
The permissions for the DCUI user were removed from the ESXi host.
Resolution
To resolve this issue:
Disable lockdown mode through the DCUI and then enable it through the vCenter Server instead. The vCenter Server does not keep track of lockdown mode state changes that initiated outside of the vCenter Server itself.
Log directly into the ESXi host.
Open the DCUI on the host.
Press F2 for System Customization.
Disable lockdown mode by toggling the Configure Lockdown Mode setting.
If the DCUI shows that Configure Lockdown Mode is greyed out, the DCUI user permissions may be missing from the host.
Log into the host directly using the vSphere Client.
Click the Permissions tab.
Right-click anywhere on the blank part of the screen and click Add Permission.
Add the dcui user and select Administrator for the Assigned Role.