ESXi 6.5 Brand New Install "Cannot complete login due to an incorrect user name or password"

[MikhailCompo]

I have just installed 6.5 using pen drive, no issues, all installed fine.

Set a password, it clearly works because I can login to the console using the KVM on the server.

Using the IP, prompted for creds but i am rejected every time. Using root as the username as no other users have been setup yet.

What is going on??

I have successfully tried changing the password from P@ssw0rd to Abcd123! in case it was the US/UK "/@ issue. Again, the password was successfully changed (confirming i know what it is) but still cannot login using the web console.

WTF is happening?!?!? Very very annoying, i dont see what else i can do!?

Any assistance appreciated.

 

[MikhailCompo]

i have tried "administrator@domain.local" as the username also, with the same result.

 

[MikhailCompo]

Went over to the server room, rebooted the server, and I can now login. Never seen that before,....

 

[MikhailCompo]

...It happened again if anyone is interested! Needed another reboot.

I am trying to deploy the VMSA to it which has failed a couple of times, so I am assuming it might bafffecting the lockdown feature in some way?? That seems unlikely as i am not getting to the config stage however, it fails during depoyment (due to an unrelated DNS issue).

 

[Tom5051]

Have you set the default login domain in vCenter?
Also unless you changed the domain name during installation, the default is administrator@vsphere.local

The web client login page helpfully suggests domain.local but it is not the default install domain name.

edit: I just realised you are not talking about vCenter. I have seen this once before when using special characters in the root password on the host. Try a basic alpha numeric password and see if the issue is still there.

 

[MikhailCompo]

Cheers Tom, i thought that and tried an alpha numeric but it kept saying it didnt meet the complexity.

Does vCenter increase the complexity in the pw policy?

 

[Tom5051]

Cheers Tom, i thought that and tried an alpha numeric but it kept saying it didnt meet the complexity.

Does vCenter increase the complexity in the pw policy?

vCenter does have a password policy. Administration -> Single Signon (configuration) -> Policies (Tab) -> Password Policy. Try relaxing the settings a bit to see if it helps.

 

[Morteza Khazamipour]

Went over to the server room, rebooted the server, and I can now login. Never seen that before,....

i had same issue with ESXi 6 , Disabling SSH and ESXi shell solved the problem

 

[Harry P. Nyce]

Strangely enough i ran into this exact issue last evening. Ended up rebuilding my ESXi host to use a custom VMware Cisco image anyway, so never really did work around it. I was able to log into the console fine, but once i updated the password from within there, i fully locked myself out. Didn't bother rebooting, it's homelab -- rebuild it. It's all so very new, i need the repetitions.

 

[sfu420]

My server was running since 130 days and suddenly I couldn't log in to the UI anymore. I didn't want to reboot it, thus i found a solution to solve it:
Go to the console, press F2, log in, go to Troubleshooting Options and there choose Restart Management Agents
Go back to the UI and log in as always.
That's it!

 

[Danic]

I had similar issue. But not on a fresh install. On almost all of out ESXi free servers we have SSH enabled for remote management via external agent. Our poorly configured MSP Agent was checking to see if it could log on as root via ssh. This would cause a lock out on both SSH and WebUI but no local console. The lockout period was longer than the re-try interval of our agent thus permanently locking us out. You can disable the lockout policy via local console so you can enter your server and quickly search the logs to find the culprit.

 

[msg7086]

I can confirm that ESXi 6.5 (or maybe starting from 6.0) will automatically locks the account if too many failed attempts occurred on SSH login. This can easily happen if your server is exposed to WAN or some automated scripts, and you have SSH enabled.

You can try either:
1) Disable lockout policy
2) Create a new account and assign admin access to it
3) Disable SSH when you are not using it

 

[fishtacos]

I can confirm that ESXi 6.5 (or maybe starting from 6.0) will automatically locks the account if too many failed attempts occurred on SSH login. This can easily happen if your server is exposed to WAN or some automated scripts, and you have SSH enabled.

One of my esxi servers occasionally loses the ability to log in via root - I need to either reboot or reset the password via a host profile application. It is also the host that runs the pfsense instance. The thing is, the WAN connection is isolated on VLAN 2, which only pfsense is connected to. Your comment makes me wonder if that is what's happening to me as well... although I don't see how ssh for the esxi host is exposed to the Internet in any way.

 

[msg7086]

Maybe you can check the event log -- failure login attempt should leave some trail in the log. Prepare yourself a different root account, and when that happens try to log in using the other account.