Tuesday, September 3, 2019

ESXi Login Failure: "Cannot Complete Login Due to an Incorrect User Name Or Password" message on ESXi login

The "Cannot Complete Login Due to an Incorrect User Name Or Password" message appears on ESXi login because the ESXi root account has been locked due to multiple failed login attempts.


Symptoms:


VMware ESXi 6.0 and later versions show the message "Cannot Complete Login Due to an Incorrect User Name Or Password" when you try to log in through the vSphere Client or the web client, even though you provide the correct credentials.

The same behaviour occurs on ESXi 6.5 and ESXi 6.7 as well.

If you try to log in at the Direct Console User Interface (DCUI), ESXi will allow you to log in with the root account.


Log in to the DCUI, press "F2", go to "View System Logs", choose the "vodb" log and type "/locked" inside the log screen. It will display something similar to the below.



[Screenshot: vodb log showing that root has been locked for 900 seconds]


Cause:


The ESXi "root" account is locked out due to multiple failed login attempts.

This may be because someone is trying to log in via SSH or the vSphere Client multiple times with the wrong credentials.
It may also be because an application is integrated with ESXi using old or wrong credentials, for example backup software or monitoring software.

Solution:


1) Log in to the ESXi Direct Console User Interface (DCUI) with the "root" account.

2) Press "F2" and go to "Troubleshooting Options".
3) Enable the ESXi Shell using the "Enable ESXi Shell" option and go back to the main menu.
4) Press "CTRL+ALT+F1" to switch to the ESXi Shell.
5) Type the command "pam_tally2 --user root" to view the total number of failed login attempts for root.
In the example below, there are 14 failed login attempts.


[Screenshot: output of "pam_tally2 --user root" on ESXi]

6) Type the command "pam_tally2 --user root --reset" to reset the lock.



[Screenshot: output of "pam_tally2 --user root --reset" on ESXi]

7) Now we will be able to log in to ESXi via the vSphere Client or the web client.


The ESXi events show the failed login attempts and the "root" locked events.



[Screenshot: ESXi events showing the failed login attempts and the root account locked]



Prevent The Account Lock Again

1) Log in to ESXi via SSH (enable SSH from the ESXi settings if SSH is not enabled).

2) Type the command "tail -100 /var/log/auth.log" to view the last 100 events in auth.log.
3) The result shows the source IP from which the failed login attempts originated. In the example below, the IP is "192.168.111.1".

2019-09-03T13:09:57Z sshd[2101425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.111.1  user=root
2019-09-03T13:09:59Z sshd[2101419]: error: PAM: Authentication failure for root from 192.168.111.1
2019-09-03T13:09:59Z sshd[2101419]: Failed keyboard-interactive/pam for root from 192.168.111.1 port 64744 ssh2
2019-09-03T13:09:59Z sshd[2101426]: pam_tally2(sshd:auth): user root (0) tally 6, deny 5

4) Identify the source machine and resolve the cause of the repeated login attempts.
Example: if the source IP belongs to backup software, reconfigure the backup with the latest ESXi credentials.
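
The log review in steps 2 and 3, as an added example that is not part of the original post: a POSIX shell script that counts failed root SSH logins per source address and reads the latest pam_tally2 counter. The function names and the sample log lines (documentation-range addresses) are constructed for illustration, and it covers only the sshd line formats shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# failed_root_sources FILE
# Print "<count> <source-ip>" per source of failed root SSH logins, busiest first.
failed_root_sources() {
    # Count only sshd's "Failed <method> for root from <ip> port <n>" lines, so
    # the pam_unix and "error: PAM" lines for the same attempt are not
    # counted a second time.
    sed -n 's/.* sshd\[[0-9]*]: Failed [^ ]* for root from \([^ ]*\) port .*/\1/p' "$1" |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# last_root_tally FILE
# Print the newest pam_tally2 counter for root as "<tally> <deny>".
last_root_tally() {
    sed -n 's/.*pam_tally2(.*): user root (0) tally \([0-9]*\), deny \([0-9]*\).*/\1 \2/p' "$1" |
        tail -n 1
}

# write_sample_log FILE
# Constructed sample data (documentation-range addresses), not real logs.
write_sample_log() {
    cat > "$1" <<'EOF'
2019-09-03T13:09:55Z sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 64740 ssh2
2019-09-03T13:09:57Z sshd[1002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
2019-09-03T13:09:59Z sshd[1001]: error: PAM: Authentication failure for root from 192.0.2.10
2019-09-03T13:09:59Z sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 64744 ssh2
2019-09-03T13:10:01Z sshd[1003]: Failed password for root from 198.51.100.7 port 51122 ssh2
2019-09-03T13:10:02Z sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 64744 ssh2
2019-09-03T13:10:02Z sshd[1004]: pam_tally2(sshd:auth): user root (0) tally 6, deny 5
2019-09-03T13:20:00Z sshd[1005]: Accepted keyboard-interactive/pam for root from 192.0.2.50 port 50000 ssh2
EOF
}

# Demo on the constructed sample; on a host, pass /var/log/auth.log instead.
log=$(mktemp)
write_sample_log "$log"
echo "Failed root logins by source:"
failed_root_sources "$log"
set -- $(last_root_tally "$log")
echo "Latest tally: $1 failed attempts, deny limit $2"
rm -f "$log"
```

A source that dominates the count is the machine to check first for stale stored credentials, such as the backup or monitoring software mentioned above.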

5 comments:

  1. Thanks a lot, it has solved my problem

  2. Thank you so much!

  3. Really, it's working, but it couldn't be logging in on that machine where the wrong attempt was generated

