Here is a guide on how to unlock root access in ESXi or vSphere 6.5 and 7.
Why do we need to unlock root access?
Answer: To regain SSH and web management access. A root lockout usually happens after several failed login attempts against the server (for example a brute-force attack); locking the account is a built-in security feature of ESXi/vSphere.
How do we know if a root lockout was enforced?
Answer: Try logging in to the DCUI (Direct Console User Interface) of the server through iDRAC/iLO, or by directly attaching a KVM (keyboard, video, mouse) to the server, using the root credentials. If you can log in to the DCUI but cannot access the host via SSH or the web UI, a root lockout may be in effect; proceed below for further verification and resolution.
What do we do once we are able to access the DCUI?
Answer: Follow the steps below:
1. Log in using the root credentials.
2. Press Ctrl+Alt+F2 to access the ESXi Shell.
3. Execute the following command to check the failed attempts:
pam_tally2 --user root
In the sample result (screenshot not reproduced here), you will notice a high Failures value.
4. Execute the following command to reset/unlock the root lockout, then repeat step #3:
pam_tally2 --user root --reset
In the sample result (screenshot not reproduced here), the Failures count is now 0.
5. Try to access the web UI and log in with the root credentials.
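The check in step #3 is easier to act on if you read the two things that matter out of the pam_tally2 output: the Failures count and the From column, which tells you where the failed attempts came from and belongs in the incident note when the lockout was caused by a brute-force attempt rather than a mistyped password. The script below is an added example and is not part of the original post; it parses constructed sample output in the pam_tally2 layout, reports whether the count has reached a threshold you pass in (the host's real value is the Security.AccountLockFailures advanced setting, which this script does not read), and on a real ESXi shell runs only the read-only check, printing the reset command from step #4 rather than running it silently.

```shell
#!/bin/sh
# Added example, not from the original post: decide from the output of
# `pam_tally2 --user root` whether root has hit the lockout threshold and
# record the source address of the failed attempts (the "From" column).
#
# pam_tally2 prints a header line and then one row per user:
#   Login           Failures Latest failure     From
#   root               12    05/04/21 10:12:03  192.0.2.10
# When the counter is 0 the row carries no date and no source.

# Constructed sample outputs (not real captures from a host).
SAMPLE_LOCKED='Login           Failures Latest failure     From
root               12    05/04/21 10:12:03  192.0.2.10'

SAMPLE_CLEAN='Login           Failures Latest failure     From
root                0'

# Assumed threshold for the live check; the host's own value is the
# Security.AccountLockFailures advanced setting, which is not read here.
THRESHOLD=5

# tally_status OUTPUT THRESHOLD
# Prints "LOCKED <failures> <from>" when failures >= THRESHOLD,
# otherwise "OK <failures> <from>" ("-" when there is no source column).
tally_status() {
    printf '%s\n' "$1" | awk -v threshold="$2" '
        NR == 1 { next }                         # skip the header line
        $1 == "root" {
            failures = $2 + 0
            from = (NF >= 5) ? $NF : "-"         # no source when count is 0
            state = (failures >= threshold) ? "LOCKED" : "OK"
            printf "%s %d %s\n", state, failures, from
            exit
        }'
}

# Demonstrate on the constructed samples.
tally_status "$SAMPLE_LOCKED" "$THRESHOLD"   # LOCKED 12 192.0.2.10
tally_status "$SAMPLE_CLEAN" "$THRESHOLD"    # OK 0 -

# On a real ESXi shell: run the read-only check and show the reset command
# from the post so the operator sees the count and source before clearing it.
if command -v pam_tally2 >/dev/null 2>&1; then
    live=$(tally_status "$(pam_tally2 --user root)" "$THRESHOLD")
    echo "live: $live"
    case "$live" in
        LOCKED*) echo 'to clear the counter: pam_tally2 --user root --reset' ;;
    esac
fi
```

Run it from the ESXi Shell after step #2; the `if` block does nothing on a machine without pam_tally2, so the parsing can be tried anywhere first. Keeping the reset as a printed suggestion instead of executing it is deliberate: if the From address is not one of your management hosts, you want to know that before you re-open the door.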
What do we do if we can't access the DCUI using the root credentials?
Answer: There is a possibility that your root password was changed or compromised. I'll be writing another blog on how to reset the ESXi root password.