I often see people, including myself, lock themselves out of the ESXi web-based host client. It only locks you out from ssh and the web console. Password lockout is NOT active on the console/DCUI. Below is how you reset the counter and regain access.
Procedure to unlock the ESXi root
First, you need to gain ILO/IMM/IPMI or physical access to the server.
- At the console, press ALT+F1 to get to the ESXi shell. If a login shows up continue with step 3, otherwise continue with step 2. Change back to the login screen with ALT+F2.
- Login to the DCUI (to enable the ESXi Shell if not already done)
- Login with root and the correct password.
- Go to Troubleshooting Options
- Select Enable ESXi Shell
- Press CTRL+ALT+F1
- At the ESXi shell login with root and the password
- Run the following command to unlock the root account:
pam_tally2 --user root --reset