Host-based backup of VMware vSphere VMs.
Post Reply
AndrewAdvnetsol
Service Provider
Posts: 23
Liked: 2 times
Joined: Jan 24, 2020 6:06 pm
Full Name: Andrew Carmichael
Contact:

ESXi Root Account Locked

Post by AndrewAdvnetsol »

I am running Veeam Backup & Replication 9.5.0.1922 and ESXi 6.7 (build 8169922). My backup job fails with the error "Task Failed. Error: Cannot complete login due to an incorrect user name or password." I am unable to login to my ESXi host with the root user and password. What I have discovered from not being able to login to other ESXi hosts with the root user is that the root account is locked. If I connect to my host using SSH and run the pam_tally2 --user root command it shows that there are currently 83 failures to login. If I run pam_tally2 --user root --reset I am able to login using the root account. Backup work for a while but then after a month or so, I don't remember exactly when this happened last, the root account is locked out again. Veeam is the only software I have that access the host. I contacted Veeam support, Case # 03970027, but they were not aware of any issues that might be causing this and suggested I reach out to VMware support, I don't VMware support.

This is what the Veeam support tech found and suggested.
Thank you for calling Veeam Support. On the phone you told me about an intermittent issue with your ESXi credentials occasionally being locked out. During a webex session we tested and confirmed credentials for this host.

We also ran a 'rescan' on this host, 192.168.171.249, and I noted that this seemed to take some additional time, but eventually the rescan was succesful.

In the HostDiscovery.Log (utils folder) I did see an entry for Failed to resolve DNS name. Host name: [192.168.171.249] but eventually it appears we were able to complete the rescan and update host information.

I found these articles in regards to password lockout for ESXi host.
https://docs.vmware.com/en/VMware-vSphe ... D4899.html

https://docs.vmware.com/en/VMware-vSphe ... 6BE43.html (note these appear to be for 6.5).


It is my next recommendation to loop in VMware support to see if they can see anything on their side in regards to failures with these credentials to see if they can provide us with additional information.
Gostev
Chief Product Officer
Posts: 31814
Liked: 7302 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: ESXi Root Account Locked

Post by Gostev »

What makes you think there's no other software trying to logon to that ESXi host? Did you analyze the network traffic to the host for all connection attempts? For example, someone or something may be scanning your network.
AndrewAdvnetsol
Service Provider
Posts: 23
Liked: 2 times
Joined: Jan 24, 2020 6:06 pm
Full Name: Andrew Carmichael
Contact:

Re: ESXi Root Account Locked

Post by AndrewAdvnetsol »

Because it is a very basic setup. We have one host running 3 VMs, a files server, a timeslips sever, and veeam server. Also when I looked at events on the host I only see 2 VMs, file and timeslips, trying to login to the host, which I assume is when the backup is running since it needs credential for the guest processing.
Post Reply

Who is online

Users browsing this forum: Baidu [Spider], Semrush [Bot] and 18 guests