Local user account in vCenter Server is not unlocked automatically after 3 failed login attempts

Article ID: 394828

Products

VMware vCenter Server 8.0

Issue/Introduction

  • A localos user account was created in vCenter Server. See Create a Local User Account in vCenter Server
  • The localos user account was locked after 3 failed logins within 15 minutes.
  • The user account is not automatically unlocked after 24 hours.
  • The error "Unable to authenticate user" is returned on every subsequent login attempt.

Environment

  • VMware vCenter Server 8.0.x

Cause

Starting from 8.0 U2, the unlock policy in vCenter Server changed from pam_tally2 to faillock. The default unlock time is 86400 seconds (24 hours) based on the settings of /etc/security/faillock.conf:

dir = /var/log/faillock
audit
silent
deny = 3
unlock_time = 86400
even_deny_root
root_unlock_time = 300
fail_interval = 900

With this configuration, the automatic unlock only takes effect for the root account (root_unlock_time = 300). Any other local account is locked after 3 failed login attempts within 15 minutes and stays locked until it is manually reset by the root account.

Resolution

  1. Log in to vCenter Server via SSH as root and run the following command to check if the local user account has been locked:

    /usr/sbin/faillock

    If the Failures column shows 3 for the user, the account is locked. For example:

    # /usr/sbin/faillock
    Login           Failures    Latest failure         From
    observability       0
    root                0
    <local_user_name>   3       2025-04-17 05:15:53    passwd
  2. To unlock the account, run the following command:

         /usr/sbin/faillock --user <local_user_name> --reset
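The check above can be scripted. The helper below is an added example, not part of this article: it reads the `deny` threshold from faillock.conf, parses `faillock` output in the format shown above, and prints the reset command for every account that has reached the threshold. The config text, the command output and the login names (vcadmin, auditor) are constructed samples so it runs offline; on a real vCenter Server they would come from /etc/security/faillock.conf and /usr/sbin/faillock.

```shell
#!/bin/sh
# Added example. Constructed copy of /etc/security/faillock.conf as shown in the Cause section.
FAILLOCK_CONF_SAMPLE='dir = /var/log/faillock
audit
silent
deny = 3
unlock_time = 86400
even_deny_root
root_unlock_time = 300
fail_interval = 900'

# Constructed `faillock` output; login names are invented for the example.
FAILLOCK_OUTPUT_SAMPLE='Login           Failures    Latest failure         From
observability       0
root                0
vcadmin             3       2025-04-17 05:15:53    passwd
auditor             1       2025-04-17 06:02:10    sshd'

# deny_threshold CONF_TEXT -> prints the configured deny value (3 if the key is absent).
deny_threshold() {
  printf '%s\n' "$1" | awk -F'=' '
    /^[[:space:]]*deny[[:space:]]*=/ { gsub(/[[:space:]]/, "", $2); print $2; found = 1 }
    END { if (!found) print 3 }'
}

# locked_users OUTPUT_TEXT THRESHOLD -> one login name per line whose Failures >= THRESHOLD.
# The header line is skipped; the Failures column is the second field.
locked_users() {
  printf '%s\n' "$1" | awk -v deny="$2" '
    NR > 1 && $2 ~ /^[0-9]+$/ && $2 + 0 >= deny + 0 { print $1 }'
}

# reset_command LOGIN -> the manual reset command from the Resolution section.
# Only root can run it; it is printed here rather than executed.
reset_command() {
  printf '/usr/sbin/faillock --user %s --reset\n' "$1"
}

# Usage: list locked accounts and the command root would run for each.
deny=$(deny_threshold "$FAILLOCK_CONF_SAMPLE")
locked_users "$FAILLOCK_OUTPUT_SAMPLE" "$deny" | while read -r login; do
  reset_command "$login"
done
```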