The root account of the ESXi hosts can be locked due to many failed login attempts. In this instance, you will not be able to connect to the host via web GUI or SSH. This can be due to many reasons, such as expired credentials / Brute force attacks and can cause Monitoring systems. Most of the time, I ended up with monitoring system related issues.
So, today we will look at the resolution steps.
There are requirements to be checked in advance following the below steps
Need physical console access or DCUI access (either using the iLO/iDRAC console)
The steps are as below (commands are in Italic and Bold)
1. Login to the DCUI console with the root credentials (do not worry you can access)
2. Enable SSH and shell access under the “Troubleshoot options”
3. Go to view logs and select syslogs and find the causing IP address
4. Then come back to DCUI main menu and press Alt + F1 to get the console
5. Execute the command pam_tally2 –user root to check how many failures and to identify the causing the IP address (in my case, the IP address of the monitoring system)
6. If you are confident on the source IP, you may unlock the root account by executing the pam_tally2 –user root –reset command
7. Just monitor for 15 minutes, if you notice re occurring failed attempts, you will have to change the IP or Power off the source (which we identified in step 3 & 5)
8. If you don’t notice any issues, you are good to go.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
1 year 24 days
Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
5 months 27 days
This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.