VCF 5.2

This issue occurs because the password provided during the "Add Host" wizard violates the ESXi host's internal Password History policy.

The ESXi security policy (managed by PAM) prevents the reuse of recently used passwords. If the password being injected by the VxRail Manager is identical to the current password or one of the previously used passwords stored in the host's history buffer, the passwd command inside the host will reject the update, causing the VxRail deployment task to fail.

To resolve this, you must temporarily disable the password history requirement on the target ESXi host(s) to allow the VxRail automated task to proceed with the existing password.

Step 1: Disable Password History on the ESXi Host

1. Log in to the ESXi Host Client directly (https://<ESXi_IP>/ui) using root credentials.

2. Navigate to Manage > Settings > Advanced System Settings.

3. In the search box, type: Security.PasswordHistory

4. Select the setting and click Edit.

5. Change the value to 0 (this disables the "remembered passwords" check).

   • Note: The default value is typically 5.

Step 2: Retry the Add Host Operation

1. Return to the vSphere Client.

2. Navigate to the VxRail Cluster > Configure > VxRail > Hosts.

3. Locate the failed host addition task.

4. Click RETRY.

Step 3: Re-enable Security Policy (Post-Success)

Once the host has been successfully added to the cluster:

1. Return to the Advanced System Settings on the ESXi host.

2. Change Security.PasswordHistory back to its original value (e.g., 5) to maintain security compliance.

Refer Error "Password has already been used. Choose another" while changing the root password on ESXi host.