Root login fails on ESXi web client, or CLI with invalid password error
search cancel

Root login fails on ESXi web client, or CLI with invalid password error

book

Article ID: 426293

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Unable to log in as the root user to a newly installed ESXi host via the  Web Client, or Command Line Interface (CLI). While the password works correctly for the Direct Console User Interface (DCUI).

Symptoms:

  • Authentication failure alerts for the root user in the host logs.
  • No evidence of other IP addresses attempting to log in or causing a lockout.
  • The issue persists even after reinstalling the ESXi host
  • When entering credentials in the DCUI or DCUI shell, the username appears in capital letters (e.g., ROOT) rather than the standard lower-case format
  • In ESXi host /var/run/log/auth.log, you see entries similar to the following,

[YYYY-MM-DDTHH:MM:SS]Er(35) login[2099406]: [module:pam_lsass]pam_do_authent icate: error [login:root ][error code:2]
[YYYY-MM-DDTHH:MM:SS]Er(35) login[2099406]: [module:pam_lsass ]pam_sm_authent icate: failed [error code:2]
[YYYY-MM-DDTHH:MM:SS]Wa(36) login[2099406]: pam_authenticate call failed: Authentication failure (7)
[YYYY-MM-DDTHH:MM:SS] No(85) login[2099406]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=char/tty
/1 ruser= rhost= user=root

[YYYY-MM-DDTHH:MM:SS] Er(35) login[2099406]: [module:pam_lsass]pam_do_authent icate: error [login:root ][error code:2]
[YYYY-MM-DDTHH:MM:SS] Er(35) login[2099406]: [module:pam_lsass ]pam_sm_authenticate: failed [error code:2]
[YYYY-MM-DDTHH:MM:SS] Wa(36) login[2099406]: pam_authenticate call failed: Authentication failure (7)
[YYYY-MM-DDTHH:MM:SS] No(85) login[2099406]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=char/tty
/1 ruser= rhost= user=root

Cause

The Caps Lock is enabled on the physical keyboard attached to the keyboard. This causes the password character casing to be inverted during entry, resulting in an authentication failure.

Resolution

  1. Verify if there is a physical keyboard attached to the server.

  2. Check the Caps Lock indicator on the physical keyboard and disable it if it is active.

  3. Reset the password through the DCUI. For more information, see Changing an ESXi host root password. 

  4. Log in using the root username and password via the Web Client or SSH

Powered by Wolken Software