When attempting to create a new local user on an ESXi host using the command line interface, the operation fails. Specifically, when executing the esxcli system account add command, the following error message is displayed:

Password has been already used

This error prevents the provisioning of the required user account.

VMware ESXi

This issue occurs when a stale entry for the specific username remains in the password history file (/etc/security/opasswd), even if the user account itself was previously deleted. The ESXi authentication subsystem references this file to enforce history requirements. The presence of the lingering data causes the system to flag the new password attempt as a duplicate violation.

To resolve this issue, you must manually remove the stale entry from the password history file on the ESXi host.

1. Connect to the ESXi host via SSH.

2. Open the password history file for editing using the vi text editor:

   vi /etc/security/opasswd
   

3. Locate the line containing the specific username that is failing to be created.

4. Delete the line associated with that username.

   • (In vi, navigate to the line and press dd to delete it).

5. Save and close the file.

   • (In vi, type :wq and press Enter).

6. Retry the command to create the user:

   esxcli system account add ...

Manually removing the stale entry from /etc/security/opasswd clears the password history record for that specific user.