Reconnecting an ESXi Host to vCenter Server fails with the error: Rejected password for user vpxuser
search cancel

Reconnecting an ESXi Host to vCenter Server fails with the error: Rejected password for user vpxuser

book

Article ID: 323622

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

Symptoms:

  • Host(s) might show in disconnected status in vCenter Server.
  • Attempting to reconnect a host to vCenter Server might throw below error:

A general system error: Timed out while waiting for vpxa to start

  • The log of the host daemon on the ESXi host(s), /var/run/log/hostd.log, contain(s) errors similar to below: 
    YYYY-MM-DDThh:mm:ss Wa(164) Hostd[2098778]: [Originator@6876 sub=Vimsvc.HaSessionManager opID=WorkQueue-########-#### sid=########] Rejected password for user vpxuser from <vCenter_ip> - session=#####
YYYY-MM-DDThh:mm:ss In(166) Hostd[2098778]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID-WorkQueue-########-#### sid-########] Event 5619 : Cannot login vpxuser@<vCenter_ip>
  • Disconnecting and reconnecting the ESXi host(s) as per Host Summary page reports, Cannot synchronize host or Quick stats on <Hostname> is not up-to-date. does not help in connecting the ESXi Host(s) back to vCenter Server

Environment

  • VMware vSphere 6.x
  • VMware vSphere 7.0.x
  • VMware vSphere 8.0.x

Cause

This issue occurs when there is a mismatch between the vpxuser password that is cached on the ESXi host and the one stored in the vCenter Server database.
Similar issues can be seen if the account password expired since the host was disconnected from the vCenter Server.

Resolution

To resolve the issue, follow the steps below:

 

In ESXi versions prior to 8.0 Update 3

  • Connect to the host(s) via SSH and login using the root account
  • Stop the vpxa service: 
    # /etc/init.d/vpxa stop
  • Restart the hostd service: 
    # /etc/init.d/hostd stop && /etc/init.d/hostd start
  • Run the following command to delete the existing vpxuser account: 
    # esxcli system account remove -i vpxuser
  • Start the vpxa service: 
    # /etc/init.d/vpxa start
  • Reconnect the ESXi host(s) in vCenter Server using their respective root credentials

 

In ESXi 8.0 Update 3 and later versions

  • Connect to the host(s) via SSH and login with root
  • Stop the vpxa service: 
    # /etc/init.d/vpxa stop
  • Create backup copies of the files /etc/passwd and /etc/shadow 
    # cp /etc/passwd /etc/passwd.bak
# cp /etc/shadow /etc/shadow.bak
  • Edit both files using the VI editor and remove the lines starting with vpxuser from each of both
  • Without restarting vpxa, reconnect the host in vSphere Client. This will result in an authentication error:

  • Following this error, the "Add Host" wizard will automatically open, asking for valid host credentials. Provide the root account and password and follow the wizard to reconnect the host

 

Additional Information

To further change the expiry duration of the vpxuser account, refer Configure Expiry Settings for the vpxuser Account

Powered by Wolken Software