• When attempting to commission the new ESXi host(s) through SDDC Manager the following error is received even when credentials are good: "Unable to get Host Fingerprint, verify ESXi host connectivity or credentials or SSH access."
• The SSL thumbprint matches between the ESXi DCUI (F2 > View Support Information > SSL thumbprint listed in the right hand pane) and the SDDC Manager input.
• SSH connectivity from SDDC Manager to the ESXi host (ssh root@<esxi-fqdn>) is successful.
• On the operationsmanager.log file, entries similar to below are observed:

/var/log/vmware/vcf/operationsmanager/operationsmanager.log

YYYY-MM-DDThh:mm:ss DEBUG [vcf_om,67####cb,4##8] [c.v.v.h.c.s.i.CommissionHostsSpecValidator,om-exec-11] Validating host spec {"ipAddress":"###.###.###.###","hostfqdn":"<esxi-host-fqdn>","username":"root","password":"*****","storageTypes":["VSAN_ESA"],"networkPoolId":"7##4-6##8-4##5-9##9-f##1"}
YYYY-MM-DDThh:mm:ss INFO  [vcf_om,67####cb,4##8] [c.v.v.h.v.h.c.HostSpecConvertor,om-exec-11]  HostSpecConvertor::convertToHostSpec HostSpec {"ipAddress":"###.###.###.###","hostfqdn":"<esxi-host-fqdn>","username":"root","password":"*****","storageTypes":["VSAN_ESA"],"networkPoolId":"7##4-6##8-4##5-9##9-f##1"}
...
YYYY-MM-DDThh:mm:ss DEBUG [vcf_om,67####cb,4##8] [c.v.v.h.c.s.i.CommissionHostsSpecValidator,om-exec-11] IpAddress resolved for the host <esxi-host-fqdn> is ###.###.###.###
...
YYYY-MM-DDThh:mm:ss ERROR [vcf_om,67####cb,4##8] [c.v.e.s.c.c.v.esx.EsxCommandExecutor,om-exec-11] Failed to connect to <esxi-host-fqdn>
com.vmware.vim.binding.vim.fault.InvalidLogin: Cannot complete login due to an incorrect user name or password.

This issue occurs if the ESXi root password contains special characters that are not supported by the SDDC Manager 

While ESXi itself supports a broad range of characters, the SDDC Manager validation logic for host commissioning is more restrictive. Currently, the supported special characters for component passwords in SDDC Manager are: ! @ # $ ^ * which can be verified from SDDC Manager Update password wizard as well:

For more details on the password policy, refer Default password policy for rotated passwords in SDDC Manager

To resolve this issue, reset the ESXi host root password to comply with the SDDC Manager supported character set.

1. Check for Account Lockout: Before resetting the password, ensure the root account is not locked due to failed attempts by running this on the ESXi host: pam_tally2 --user root

   • If locked, run pam_tally2 --user root --reset

2. Reset Password: Change the ESXi root password to one that only uses the supported special characters (! @ # $ ^ *) by following Changing the ESXi host root password

3. Retry Commissioning: Navigate back to SDDC Manager and restart the Commissioning wizard.