ESXi hosts managed in an HPE Alletra or Nimble storage environment may experience persistent root account lockouts and multiple configuration check failures. Users may observe the following symptoms:

• "Cannot login root@IP" errors in vCenter events despite correct credentials.

• Major alerts for ESXi root password rule, ESXi Ramdisk Space Rule, and ESXi Logging Rule.

• Authentication failures in /var/log/auth.log or "Function not implemented" errors when attempting to update passwords.

• Persistent failed login counts in pam_tally2 originating from the storage management appliance IP.

VMware vSphere ESXi: 7.x, 8.x

The primary cause is an identified bug in specific HPE Alletra/Nimble array firmware versions following an upgrade.
This bug causes the management appliance to continuously attempt logins with incorrect or stale credentials, triggering the ESXi account lockout policy.

• Lockdown Mode: Verification confirmed that Lockdown Mode was Disabled on affected hosts, ruling out vSphere security restrictions as the source of the root login failures.

To resolve this issue, please perform the following:

1. Apply Storage Patch: Contact HPE/Nimble support to apply the known patch fix for the authentication bug introduced in the recent array upgrade.

2. Update Credentials: Ensure the ESXi root credentials stored within the Alletra/Nimble management interface match the current host password.

3. Reset Account Lockouts: Log into the ESXi shell and clear the failed login tally using: pam_tally2 --user root --reset.

4. Reregister Plugin: If authentication issues persist between vCenter and the array, reregister the HPE storage plugin from the vCenter Server.

Ensure that Port 22 (SSH) is open between the vCenter Server and the HPE appliance to facilitate credential synchronization.