I often see people, including myself, lock themselves out of the ESXi web-based host client. It only locks you out from ssh and the web console. Password lockout is NOT active on the console/DCUI. Below is how you reset the counter and regain access.
Procedure to unlock the ESXi root
First, you need to gain ILO/IMM/IPMI or physical access to the server.
At the console, press ALT+F1 to get to the ESXi shell. If a login shows up continue with step 3, otherwise continue with step 2. Change back to the login screen with ALT+F2.
Login to the DCUI (to enable the ESXi Shell if not already done)
Login with root and the correct password.
Go to Troubleshooting Options
Select Enable ESXi Shell
At the ESXi shell login with root and the password
Run the following command to unlock the root account:
Most of the time you would want to use VMware Update Manager when doing upgrade. Its part of vCenter and is necessary tool when having to maintain your environment. But for smaller deployments, with standalone hosts and no vCenter the following upgrade methods are desired and can help the upgrade time. Instead of having to upgrade with IPMI and an ISO.
This method is for getting the update online, no need to download ISO/offline bundles, etc. This will work for most of the upgrade use cases.
1: Connect to your ESXi host via the host client and enable SSH. Afterward ssh to the ESXi host and enable ESXi firewall rule to allow the host to access the internet.
esxcli network firewall ruleset set -e true -r httpClient
2: With the beneath command you will get a list of available ESXi packaged that are on the VMware repos. Enter this command to list all available profiles. We filter only those which are relevant to our case – upgrade to ESXi 6.7
4. After it’s done, you will need to restart the host, after its rebooted you will run on the new ESXi version.
Custom, with Offline bundle:
This method is for when you desire to install a custom update, or that your hosts down have access to the internet.
1: Download the offline bundle from the VMware webpage, in this upgrade I will use an HPE custom version. But if you run a generic version, that will also work.
2: After downloading the “VMware-ESXi-6.7.0-8169922-depot.zip” file, place it (upload it) to a datastore which is visible by your ESXi host. Best would be a local datastore if this host has some. If not, it can also be a shared datastore too.
3: Find the profile name from the depot offline bundle
esxcli software sources profile list -d /vmfs/volumes/prd.r60lun01/ISO/VMware-ESXi-6.7.0-Up
Put your host into maintenance mode, enable SSH if you haven’t done yet.
3: Execute this command to upgrade your ESXi 6.x to 6.7
Had en interesting problem where a ESXi host only showed it had 30GB of memory, but the motherboard was populated with 6*8GB modules. In earlier versions of ESXi 5.5< it was possible to use dmidecode to show how the physical hardware was populated. But since 6.0> that have been removed.
The new command to find those kind of information are now “smbiosDump”
smbiosDump | grep -A 6 'Memory Device'
You can also just run smbiosDump without any paramenters and you get a hole lot of information to crawl through.