ESXi 6.x root Account Locked Out– root User Access Denied
In every latest version of vSphere ESXi, VMware is trying to tighten the security of ESXi. Recently, I faced an issue that I was unable to log in on ESXi using SSH after multiple wrong password attempts to root account from my colleague. However, I was able to login using DUCI (Direct User Console Interface). When an attempt to logging using SSH, an error appears as below.
/usr/lib/vmware/misc/bin/tally_vob.sh failed: exit code 1
Solution for ESXi root Account Locked Out:
Step 1: Login on DUCI using F2, Select “Troubleshooting Options” and Press Enter
Step 2: Select “Disable ESXi Shell” and Press Enter, You will see status will change from Disabled to Enabled in right side window.
Step 3: Select “Disable SSH” and make sure that SSH is enabled or you can enable as we did for Shell in Step 2.
Step 4: While you are in DUCI, Press ALT+F1, You will get prompt, Enter the User name as root and password to log in.
Step 5: You can see the number of login failure by using the following command
pam_tally2 –user root
Step 6: To Unlock the ESXi root account, you can run the following command
pam_tally2 –user root –reset
Step 7: Now try to login using SSH & you will be logged in as root successfully.
Step 8: You can use ALT+F2 to get DUCI back as normal ESXi interface.
Reference: VMware KB 1 , VMware KB 2