Hi *,
i can access the ESXi console with my root & pw, but not the WebAccess with "root" & pw. The pw is the same, there are no spell / keyboard language issues.
We have a single ESXi 6.5 (4887370), no vCenter. No Domain Account, just local.
Best regards
Max
Hi,
if you some sort of monitoring server that is probing that host. it could be that the root account is locked out. you can change the lockout time to 0 and try it or fix the monitoring system to use the proper password and wait the default lockout time and you should be able to logon. But it sounds like something or someone is hammering that host with root logon using the wrong credentials.
Lionel.
so you can log in like over ssh using root&password but cannot access the host ui (https://hostname/ui) with the same credentials?
Or are you talking about the DCUI (yellow/black console window)?
It sounds like you're in lockdown mode. Try disabling it in the DCUI (HOW TO: Enable or Disable Lockdown Mode on VMware vSphere ESXi host | vStrong.info )
- I can login /w ssh to the shell
- I can login to the DCUI
- I cannot login to https://hostname/ui/#/login
In the yellow/black console, the option "Configure lockdown Mode" is greyed out.
You have to installed embedded client on ESXI.
If you have SSH access then install it using below command and retry via UI.
I think there is a embedded client already shipped with the GA of ESXi 6.5
I'd try to reset your password. You can do it on the shell or in the DCUI and try to login in with the newly set password on the host client.
If you can login to ssh and dcui you have access to the host. If there is no vCenter server you can't have lockdown mode.
Is there also the possibility, that the root account is locked out of the WebClient after too many retrys?
I did a reset of the password in the DCUI & tried to login:
- Login /w ssh to the shell - working
- Login to the DCUI - working
- Login to WebClient:
Still not working.
Hi,
if you some sort of monitoring server that is probing that host. it could be that the root account is locked out. you can change the lockout time to 0 and try it or fix the monitoring system to use the proper password and wait the default lockout time and you should be able to logon. But it sounds like something or someone is hammering that host with root logon using the wrong credentials.
Lionel.
Hi Lionel,
the root account was locked by Nagios monitoring - i just quit the checks & after 30min the root account was able to login to the WebClient.
Thank you for your help & best regards
Max
I don't have nagios monitoring so whats blocking me from accessing the client?
I can login in shell/ssh but not in client with root username
Hi ,
Same issue . root account is not locked and able to access through console not from web
Rebooting the host solved issue .
Rebooting the host did not work for me.
Is this related to correct IP address of the machine? I had to set a static IP.
Hi ,
if you have static IP then its good but it is not related IP .
You may have to disable the lockout or account lock . And reset management networks , host services or reboot is the options
What are you typing in the url?
Cause :- Root account is locked and some time monitoring system will not unlock automatically.
1. Try to login through SSH/WinScp/VI-Client/host UI on host after checked "lock-down mode"
2. If step #1 fail; Login on vCenter >>> Select Host >>> Security Profile >> Restart SSH service
3. Try to login through SSH/WinScp/VI-Client/host UI on host and root password would be working.
Note:- Starting with vSphere 6.x, account locking is supported for access through SSH and through the vSphere Web Services SDK. The Direct Console Interface (DCUI) and the ESXi Shell do not support account lockout.
A maximum failed attempts is allowed before the account is locked (login on host UI - https://hostname/ui >>>System>>>Advanced settings>>>Check "SecurityLockFailures" and "SecurityAccountUnlockTime")
Hello
if you have access to console enable shell and use the following commang for it' works well pam_tally2 --user root --reset.
Thanks to Kimi Thang http://kimizhang.com/unlook-root-account-for-vmware-esxi-host/
Have a nice day.
Eric
A reboot of the host solved the issue for me
You rule! Thanks, worked!!
Resolved.
I first usedESXXi 6.7 but could not log in.
I then used ESXi 6.7 update 2. now everything works. Dell power edge r720
Yes, reboot the host helps
Hello,
i can confirm Lionel's idea.
Here it happened after upgrading to ESXi 6.7 and changing the password. The inventory software "hammered" on the server trying to check the inventory.
After removing the device in the inventory software and rescanning the server the WebAccess worked again.