Find in this documentation the step by step solution for our Hypervisor ROOT account lock due to possible password sync issues.
To apply this guide you must be granted access to IPMI and the current Root password
Unlock Root account
Step 1: From IPMI open remote console to access Esxi DCUI
- While on console, use the virtual keyboard to open direct console user interface (DCUI) by pressing CTRL+ALT+F2 or in some occasions it could be F2
* you can open the console in htlm, java is not a must for this task
- Login to the DCUI to enable ESXI shell console, the correct Root password is required for this step
Step 2: Go to Troubleshooting options to enable Esxi shell console
- Press enter to access the option panel
- If the console is already enabled you would find this
- If console is not yet enable you'll see the option available to select, simply press enter to enable it.
Step 3: Access Esxi shell console
- From virtual keyboard press CTRL+ALT+F1
- Log in with correct root credentials
Step 4: Show number of failed attempts to logging
pam_tally2 --user root
Step 5: Unlock root account
pam_tally2 --user root --reset
Who is blocking the account?
- This blocking situation, often appears after a reset password where the sync process does not succeed to update all services. This could result in some addresses still having on their log the old password an will continue to do so, until someone kindly updates it
- Use the following command to see the address involve in the locking
grep Rejected /var/log/hostd.log
in the above example you see 172.16.254.3 (Luna) and our address to issue : 10.1.1.29
To exit press ALT+F2