ESXi Lockout (Cannot complete login due to an incorrect user name or password)

When ESXi is open to the internet without any firewall in place, it is prone to brute-force attacks. As a security measure, ESXi combats this by temporarily disabling logins via the Web Interface or SSH after several incorrect login attempts.

Assuming you still have physical access to the server, or access via a Remote Console (through IPMI), you can easily reset the lockout, allowing you to log in again.

At the console of the ESXi host, press F2 to log in first. If you have not enabled the shell yet, you may do so under Troubleshooting Options > Enable ESXi Shell. Navigate back to the main menu using the Escape key.

To access the shell, press the key combination ALT + F1 (ALT + F2 returns to the main menu).

Now to actually reset the lockout, enter the command below:

pam_tally2 --user root --reset

To prevent this from happening in the future, it is recommended to disable SSH and configure a firewall so that only certain IP addresses may reach the ESXi host's web interface.
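
One way to apply the allowlist recommendation with ESXi's built-in firewall, as an added example that is not part of the original article. It assumes a ruleset id such as sshServer (confirm the ids on your host with "esxcli network firewall ruleset list"); the addresses in the usage comment are constructed documentation ranges.

```sh
#!/bin/sh
# Added example: restrict an ESXi firewall ruleset to a management allowlist.
# Run it from the local ESXi Shell (ALT + F1) so a mistake cannot cut off
# the session you are working in.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 applies them.
# Usage (constructed addresses): sh restrict.sh sshServer 192.0.2.10 198.51.100.0/24
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only dotted-quad IPv4 addresses with an optional /0-32 prefix.
valid_ipv4_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(echo "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# restrict_ruleset <ruleset-id> <ip-or-cidr>...
restrict_ruleset() {
    ruleset="$1"; shift
    # An empty allowlist with allowed-all=false would block every client.
    [ "$#" -ge 1 ] || { echo "refusing: empty allowlist for $ruleset" >&2; return 1; }
    # Validate everything before changing anything on the host.
    for addr in "$@"; do
        valid_ipv4_cidr "$addr" || { echo "refusing: bad address $addr" >&2; return 1; }
    done
    # Turn allowed-all off first; allowedip entries apply only when it is false.
    run esxcli network firewall ruleset set --ruleset-id="$ruleset" --allowed-all=false
    for addr in "$@"; do
        run esxcli network firewall ruleset allowedip add --ruleset-id="$ruleset" --ip-address="$addr"
    done
    # Show the resulting allowlist for review.
    run esxcli network firewall ruleset allowedip list --ruleset-id="$ruleset"
}

if [ "$#" -ge 2 ]; then
    restrict_ruleset "$@"
fi
```

Review the dry-run output first, then rerun with DRY_RUN=0 to apply it.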
