Search
  • Hans Kraaijeveld

VMware 6.* ESXi root account locked out



Isn't it bothersome? You have just locked out your ESXi root account, normally, not much to worry about, since the default policy will also unlock the account in two minutes. This excerpt is from the VMware vSphere 6.5 documentation:

ESXi Account Lockout Behavior Starting with vSphere 6.0, account locking is supported for access through SSH and through the vSphere Web Services SDK. The Direct Console Interface (DCUI) and the ESXi Shell do not support account lockout. By default, a maximum of ten failed attempts is allowed before the account is locked. The account is unlocked after two minutes by default.

But what if some unknown system is hammering the root account causing it to lock out constantly and you want to find out "whodunnit"? Ivo Beerens has documented this nicely, you can find his blog entry right here:

https://www.ivobeerens.nl/2018/01/02/esxi-root-account-locked/

His blog entry shows that you can use the DCUI to gain access and view the correct logs to see where the authentication attempts are coming from. I had to use it more than once, hope this helps someone else as well!


5,387 views