Greeting everyone. I’m literally at my wits end, concede defeat, acquiesce, etc. I really need some help. 😞
I’m Running ESXi 6.7 on an HPE Proliant 380 G9 Server. The keyboard in iLO and the DCUI is set to "US".
No matter what I’ve tried, I can’t login via SSH or the web console however, I can ONLY login to the DCUI.
At the web console I keep getting the error: "Cannot complete login due to an incorrect user name or password."
This is a test server so it’s not mission critical but still super annoying because I can’t figure it out. Thus far I have:
NONE of the above have solved the incorrect password problem. I still can NOT login via SSH or ESXi web console.
FYI: “Configure lockdown mode” is greyed out.
Separate issue but preventing me from entering proper commands in DCUI: I also noticed when I go to the command prompt in DCUI, I'm not able to type characters like, underscore and question mark. When I press those keys I get the dash and forward slash instead and it doesn't matter if I press "Shift" in conjunction or not, I also tried using the "shift" in the virtual keyboard but that didn't work either.
I'm probably making some stupid mistake, sorry in advance. lol
Some guessing.... is there something (Monitoring system!!) that will try to login into your new installed ESXi? If so than most likely the account will be locked because of the default security baseline which add in ESX 6.x some time ago. All network logins will be blocked and only the physical DCUI will be usable.
If you are logged into ESXi on the console try
[root@esx-node-04:~] pam_tally2 --user root
Login Failures Latest failure From
root 1 12/25/21 23:19:30 unknown
and check the status. You can unlock the account by resetting the counter back to 0 by using the "-r" switch. The login failure are also logged and you can see the source system which causing the problem. IIRC the default possible is 6 wrong login try followed by 10min wait time. If you have a monitoring which tries it several time per minute it will locked the account for ever 🙂 I have these often when re-using existing IP addresses.
If you have enable Lockdown than its clear why you cant login as "root" trough anymore trough the wire. Without special conifugration this Host can only be managed through a vCenter Server.
Regards,
Joerg
Joerg,
I forgot to mention in my first post that this was connected to VCenter server. However, I did change the static IP address AND I reinstalled ESXi (with option to format the drive), so I don't understand how it could have any connection left to VCenter server.
Also, I'm NOT able to type (or copy and paste) the underscore character so I can't type the command you posted. I'm accessing the server via iLO and DCUI via iLO's HTML 5 Remote connection. I currently do not have direct access to the physical server. The server is at my house and I'm on vacation...not at my house. lol
ILO is your physical access... so login into ESXi shell and try the pam_tally2 (try tab,tab,tab).
Normaly a modern ILO also contains a virtual Keyboard so please try this also.
Regards,
Joerg
Yes I know iLO is my "virtual" physical access and I did login to ESXi shell but again, I'm not able to type the underscore character. I have no idea why it will not type that character and it doesn't matter what key combo I press i only get ------- that's it, never ____
Just type pam followed by pressing that TAB key multiple times. The shell will complete the command.
Regards,
Joerg
OMG, so Firefox is lame, I switched to Edge and I can now type the underscore character (__) WTF Firefox?? I'm locked out of ESXi shell now, so I have to wait before I can try the pam command. I'll report the results once I have access again.
You should be able to login into ESXi shell/DCUI even when the account is locked. Only SSH and Hostclient cannot be used with a locked root account.
Regards,
Joerg
Ok, so when I try and login using Edge, I get invalid password (see screen pics) but I can login just fine with Firefox.
HOWEVER, Firefox will not allow me to type the underscore character BUT Edge will allow me to type an underscore character. WTF ???
I switched to Chrome.lol I've also attached the results of pam_tally2
I would assume that FF + ILO have messed up your choosn password and thats why youre able to login with FF on the console but not with SSH, Hostclient or the Edge browser because now your password doesnt match any more.
If you manged to login with FF+ILO to the shell try to find out which keys work as expected and than try to use "passwd" on the command line to change it.
Also... try to log into ILO twice which different browser.. use FF first and after log into the shell switch to Edge and see how it differs.
Regards,
Joerg
Joerg,
First off, THANK YOU for all your help!!! I switched to Google Chrome browser and was able to access DCUI and change the password using "passwd" command you provided and wouldn't you know it, now I can access the ESXi host.
Again, THANK YOU SOOOO MUCH!!
Youre welcome.