Reset Locked ESXi Root Account

By default, 10 failed logins to ESXi will lock the account. vCenter opens up a few options for changing a password (setting a new password with a host profile being the obvious one that springs to mind) and for unlocking accounts, but what about standalone hosts?

Assuming strict lockdown mode isn’t enabled (plzno) and that a secondary account isn’t available, there is a workaround.

Logging in to the DCUI with a “locked” account is still allowed. Head over to the console, hit F2 and log in.

Head to Troubleshooting Options and select Enable ESXi Shell.

Press Alt + F1 to switch from the DCUI to the ESXi shell, then log in with the same credentials.

Reset the count of failed login attempts:

pam_tally2 --user root --reset

Type exit, then press Alt + F2 to return to the DCUI.

Logging in through the web client and SSH should once again be possible.
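Resetting the counter also discards the record of when the last failed login happened and where it came from, which is often the only clue to what locked the account. The script below is an added example, not part of the original post: it logs that record before running the reset. It assumes pam_tally2 on the host prints the standard Linux-PAM table (Login, Failures, Latest failure, From) and that awk is available in the ESXi shell; the function names, script name and log path are hypothetical.

```shell
#!/bin/sh
# Added example: keep a record of the lockout counter before wiping it.
# TALLY_CMD is overridable so the parser can be exercised off-host.
TALLY_CMD="${TALLY_CMD:-pam_tally2}"

# Read `pam_tally2 --user NAME` output on stdin and print
# "count|latest failure|from"; missing fields become "-".
# Exits non-zero if no row for NAME is found.
parse_tally() {
    awk -v u="$1" '
        $1 == u && $2 ~ /^[0-9]+$/ {
            latest = ($3 != "" && $4 != "") ? $3 " " $4 : "-"
            from = ($5 != "") ? $5 : "-"
            print $2 "|" latest "|" from
            found = 1
        }
        END { if (!found) exit 1 }'
}

# Append the current tally for USER to LOGFILE, then reset it
# only when there is something to reset.
record_and_reset() {
    user="$1"; log="$2"
    rec=$("$TALLY_CMD" --user "$user" | parse_tally "$user") || return 2
    count=${rec%%|*}
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) user=$user tally=$rec" >> "$log"
    if [ "$count" -eq 0 ]; then
        return 0
    fi
    "$TALLY_CMD" --user "$user" --reset > /dev/null
}

# Run only when called with an account name, e.g.
#   sh tally-reset.sh root /tmp/tally-before-reset.log
# (script name and log path are placeholders)
if [ "$#" -gt 0 ]; then
    record_and_reset "$1" "${2:-/tmp/tally-before-reset.log}"
fi
```

If ESXi Shell was enabled only for this fix, disable it again under Troubleshooting Options once the reset is done.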
