I am writing to report abnormal behavior of my ESXi version 6.0 U2 servers
The computer problem is simple but quite annoying (and dangerous), it is access through vSphere interface on Windows clients.
When I try to access it from my computer with the vpshere client (he also upgraded to the latest version) is returned to me the message "can not complete two login to an incorrect username or password"
The credentials used to access are correct but the system seems not transpose correctly.
If I enable SSH password it is not recognized, however, and the error is the same.
I read the guide to the errors:
but I do not find resolution to my problem.
Vmware server has no special configuration and use the classic root account, yesterday I upgraded from 6 to 6 U2 but it has not changed
Mysteriously after a few hours you unlock the interface and the login is completed without errors
You can guide me to the resolution?
and welcome to the forums!
Are you saying that - after waiting some hours - you are eventually able to log in? Then the root account might have been temporarily locked out. See my blog post here for more information:
meanwhile, thanks for the warm bevenuto the forum, it is a pleasure to meet and talk to you about topics that fascinate us and make us work and sweat a lot
I actually checked the parameter that indicavi and I think you did the center.
I have some doubts, however, about, I'll explain the situation:
- My esxi is not accessible directly from the outside, for obvious safety reasons,
- In the internal network is installed and configured a backup system (Nakivo http://www.nakivo.com/) that performs constant bailouts of all the VM machines on my 6.0 U2
- Access through the latter program is via SSH and root account
- I access my vsphere also using the user root
My questions at this point are:
- Why the account is locked for X seconds if the passwords entered are correct? In this case there are no attempts failed login (the password that I enter is correct)
- We have other installations, very similar. At other clients (at least 5). Esxi same version of the same backup system, same configuration with ssh access by the root user. In these cases, however, I have never encountered similar cases. I am puzzled
Do you think the nakivo freezes somehow the SSH connection, and therefore the user its root?
Maybe I can get it to connect via SSH with a different user created specifically?
Or should modify only on the parameters that you specified in the previous post?
I think we are getting closer to the solution
I attach a screenshot of my situation on the log, you see there are many blocked access and also to other types that do not recognize (Java ??)
Thank you for the valuable support
the screenshot of your events clearly show that root account lockout because of failed logins is your issue.
See e.g. the events of today, 10:41:54, and before: "Remote access for ESXi local user account 'root' has been locked for 120 seconds after 268 failed login attempts".
That means someone or something is trying to connect as user root using a wrong password, and this is happening quite frequently. You should also find an event for each failed login that reads like
"Cannot login root@<IPAddress>"
prior to the Lockout message. Find these events (try using a filter like "Cannot login root") and you will know from what machine the failed logins are coming.
If you are sure that only the Nakivo Backup servers are talking to ESXi then make sure that they all really have the correct root password configured.
I had this issue in our Lab. Password automatically reset to blank and have to reset and then reconnect from vCenter.
I think its a bug (not sure).
I solved by rest password from DCUI (existing leave as blank). While logging just leave password field blank.
I think I found the guilty
Incorrect configuration (and dangerous) on the firewall that was previously created and never modified
Basically a rule that opened the SSH port 22 was active towards the internet, so horde of connections attempted to authenticate (I assume in brute force) via SSH on vmware with root account.
Consequently ESX blocked the root user
I realized it was the fault of the door open ssh consulting the authentication log on the web vpshere interface. They could see a lot of external ip attempting to authenticate ... ARGH!
It was easier than I imagined
Keep monitored the situation but I think I came to the solution
Thank you all for the valuable support, we surely will write again !!