I am panicing. I have no other explanation at this point. I am scared that I have been hacked.
I have three separate computers running ESXi 6.5 (old hardware). Today I was working without incident on one box. At some point I tried to login to the 2nd box. Both of my two accounts get the response of invalid login or password at both the web-frontend and DCUI. I still cannot get it. I tried to get into the 3rd and got the same issue. I opened a separate tab and tried to login to the first with the root account and got the same response - invalid username or password. Since I was still logged into the first in another tab, I changed my root account password.
I rebooted all three machines. I can get into the first using the changed password. I still cannot get into the second. And the third suffered a hardware hard drive failure and I cannot boot. That machine will probably be recycled.
The only thing I can think of that I did in the last 24 hours to the network is standup my own NTP server - a Raspberry Pi connected to a USB GPS unit.
Can anybody think of any way that this could have happened other than by manual human intervention?
I don't see any other indicators of hacking activity. And my question isn't about hacking in general, but specifically about the symptoms displayed by my three independent ESXi boxes.
Is it the same when you try to login to the DCUI, and/or the console (if activated).
André
Are you trying to log in with the root account, a local account, or an AD account?
Yes. With both accounts. Each box had the root account and one superuser account.
Both local accounts on each machine. Both attempting through the DCUI/ physical console and the web frontend.