Due to consistent wrong password by application OR user, root a/c of ESXi may get locked out. This prevent any further login externally to ESXi host.
This happens most likely due to backup/monitoring application that has root user a/c configured the operation.
To solve this issue.
- Take Console access (iDRAC/ILO/KVM..etc depending on hardware).
- Press F2 to customize the system. Log in as root.
- Use the Up/Down arrows to navigate to Troubleshooting Options > Enable ESXi Shell.
- Press ALT+F1, login as root. Run the following commands to show number of failed attempts:
pam_tally2 --user root
- Run the following command to unlock the root account:
pam_tally2 --user root --reset
Now you should be able to login to ESXi using root a/. You can review hostd log to find out from where failed login coming.
less /var/log/hostd.log |grep -i 'password' 2019-07-31T17:08:51.735Z info hostd [Originator@6876 sub=Default 2019-07-31T20:51:07.055Z warning hostd [Originator@6876 sub=Default opID=esxui-fca4-b52f] Rejected password for user root from 192.168.214.108 2019-07-31T20:51:11.056Z verbose hostd [Originator@6876 sub=Solo.Vmomi] Arg password: 2019-07-31T20:51:39.634Z warning hostd [Originator@6876 sub=Default opID=esxui-c6d2-b54a] Rejected password for user root from 192.168.214.108
Based on IP address check if any application configured with incorrect root password.
Please note in ESXi 6.5/6.7, invalid login may cause host to be unresponsive. Review KB for proactive steps.