ESXI 7 Unable To Login As Root

After upgrading some hardware, I decided that it might be wise to use ESXI 7 instead of 6.5. Turns out the move is proving to be some horrible nightmare, but I will spare (most of) the details.

For the ESXI DCUI (or "local yellow console"), I can install ESXI and do the basics as root.

However when it comes to the web interface I get a Cannot complete login due to an incorrect user name or password. The host is freshly installed, and I try to login right after I change the IP information.

Now based on the 3 other questions I've looked at, they all seem to discuss lockouts, lockdown, or some combination of the two.

None of these seem to fit my issue, but an answer does seem to mention removing vendor scripts running via cron jobs. I am using Dell's ISO of ESXI 7 Build 15843807.

To further add to the issues, when I enable SSH and try to login, I get an Access denied for the root user and password.

I've tried reinstalling twice, with a full clean install and overwrite, but I have had no luck.

Also the "lockdown mode" option in the DCUI is greyed out, but not enabled.

I'd like to be able to go the route of the answer mentioned above, but it looks as if that magic was done with SSH.

Another thing I'd like to look at (discussed elsewhere) is using the command pam_tally2 --user root but I have no idea where to run it.

This setup is a simple 1 ESXI host, without vcenter.

EDIT:

So I found out that you first need to enable the ESXI shell, and then press alt f1. So with pam_tally2 --user root I can see attempts I make in the Web Client fail. This makes no sense, as I am using the same password. I've tried copy-pasting it, typing it in on a virtual keyboard, and so on.

As a test, I reset the fail count, and find myself in the same place...

As an interesting note, I've tried changing the root password from the ESXI shell, with strong random 13 character passwords from Keepass and whatever recommended password given by the command. Both fail unless you meet additional criteria not listed in the console. Same thing happens on ESXI 6.7 update 3.


After spending the 2 hours today, and how many hours yesterday, I've found the answer.

There's a weird issue where ESXI's DCUI will accept certain passwords, but not accept them in the web UI.

This is probably one of the strangest issues I've seen.

Passwords I would use certainly met the requirements set out in the prompt from passwd root when changing them in the ESXI shell, and the installer wouldn't have issues accepting them either.

You will need to add additional characters (2 or 3 for each class) beyond what is spelled out in the ESXI shell prompt from passwd root.

That is beyond the additional starting and ending character requirements.

And if any one is interested, this same issue is repeatable on 6.7U3