ESXi 6.x root Account Locked Out– root User Access Denied

In every latest version of vSphere ESXi, VMware is trying to tighten the security of ESXi. Recently, I faced an issue that I was unable to log in on ESXi using SSH after multiple wrong password attempts to root account from my colleague. However, I was able to login using DUCI (Direct User Console Interface). When an attempt to logging using SSH, an error appears as below.

/usr/lib/vmware/misc/bin/tally_vob.sh failed: exit code 1

root account locked

Solution for ESXi root Account Locked Out:

Step 1: Login on DUCI using F2, Select “Troubleshooting Options” and Press Enter

ESXI Troubleshooting Options
Step 2: Select “Disable ESXi Shell” and Press Enter, You will see status will change from Disabled to   Enabled in right side window.

Enable ESXi Shell
Step 3: Select “Disable SSH” and make sure that SSH is enabled or you can enable as we did for Shell in Step 2.
Step 4: While you are in DUCI, Press ALT+F1, You will get prompt, Enter the User name as root and password to log in.

ESXi Shell Login

Step 5: You can see the number of login failure by using the following command
pam_tally2 –user root

ESXI Shell root Account

Step 6: To Unlock the ESXi root account, you can run the following command
pam_tally2 –user root –reset

ESXI root Lockout Reset

Step 7: Now try to login using SSH & you will be logged in as root successfully.

Step 8: You can use ALT+F2 to get DUCI back as normal ESXi interface.

Reference:  VMware KB 1 , VMware KB 2

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More