Yves' Blog

Unlock ESXi root account from host client


As I do quite a bit of lab development and support I see often people lock themselves out of the ESXi web based host client. Keep in mind this only locks you out from ssh and the web console. Password lockout is NOT active on the console/DCUI. Below is how you reset the counter and regain access.

Procedure to unlock the ESXi host account at the console

  1. At the console press CTRL+ALT+F2 to get to the ESXi shell. If a login shows up continue with step 3, otherwise continue with step 2.
  2. Login to the DCUI (to enable the ESXi Shell if not already done)
    1. Login with root and the correct password.
    2. Go to Troubleshooting Options
    3. Select Enable ESXi Shell
    4. Press CTRL+ALT+F1
  3. At the ESXi shell login with root and the password
  4. Run the following commands to show number of failed attempts:

    pam_tally2 --user root
  5. Run the following command to unlock the root account:

    pam_tally2 --user root --reset