This post is a straight-to-the-point guide on how to reset a locked root account in ESXi using the DCUI and shell access.
Let’s jump right in.
Step 1. Access the ESXi Direct Console (DCUI)
Log in directly on the ESXi console with root credentials. Press F2 to open the System Customization menu, then navigate to Troubleshooting Options.
Step 2. Enable ESXi Shell
Enable the ESXi Shell in Troubleshooting Options.
Step 3. Open the ESXi Shell
Press Ctrl + Alt + F2 to switch to the shell. Log in as root.
Step 4. Check Failed Login Attempts
Run this command to see how many failed logins the root account has:
pam_tally2 -–user root
(In my case, it showed 6 failed attempts.)
Step 5. Reset the Root Lock
Clear the failed attempts and unlock the root account by running:
pam_tally2 –-user root -–reset
When you’re done, type exit to log out of the root shell. Then press Ctrl + Alt + F2 (or F1) to return to the DCUI screen.
Step 6. Verify and Secure
Try logging in again via the vSphere Web Client or ESXi Host Client. Don’t forget to disable ESXi Shell from Troubleshooting Options – no need to leave it open.