• Upgrade ESXi 6.x to ESXi 7.0 may cause a PSOD
• ESXi console displays:
  
  The system has found a problem your machine and cannot continue.
Configuration Upgrade Failure.
Please reboot to rollback to the older version.
Failed modules: /usr/lib/vmware/configmanager/upgrade/lib/libupgradeSecuritySettings.so
  
  
• ESXi - /var/run/log/configstore-upgrade.log shows a validation error.
  
  2023-11-02T09:10:42.178Z In(05) host-524620 [ConfigStore:198947385344:] [524620][/usr/lib/vmware/configmanager/upgrade/lib/libupgradeSecuritySettings.so] Invoking UpgradeConfig
2023-11-02T09:10:42.179Z Er(02) host-524620 [ConfigStore:198947385344:] [1083]Validation Error: '/account_unlock_time' Long value below minimum: 1
2023-11-02T09:10:42.180Z Er(02) host-524620 [ConfigStore:198947385344:] [1089] Failed to validate Set
2023-11-02T09:10:42.180Z In(05) host-524620 [ConfigStore:198947385344:] ConfigStoreException: [context] ... [/context]
2023-11-02T09:10:42.180Z Er(02) host-524620 [ConfigStore:198947385344:] [524620] /usr/lib/vmware/configmanager/upgrade/lib/libupgradeSecuritySettings.so] Upgrade failed rc: 1

VMware vSphere ESXi 6.5
VMware vSphere ESXi 6.7
VMware vSphere ESXi 7.0

This is due to the Security.AccountUnlockTime setting being set to 0 in ESXi 6.x.

There is no fix at this time.

Workaround

Change the Security.AccountUnlockTime to between 1 - 3600 and re-try the upgrade.

1. Log in to ESXi using Host Client.
2. Select Manage in the left window.
3. Select System->Advanced Settings in the right window.
4. Search for "account" in the search box.
5. Check and change the value of the parameter Security.AccountUnlockTime.

Configure the Passwords and Account Lockout Policy in the VMware Host Client