By default, 10 failed logins to ESXi will lock the account. vCenter opens up a few options for changing a password (setting a new password with a host profile being the obvious one that springs to mind) and unlocking accounts but what about standalone hosts?
Assuming strict lockdown mode isn’t enabled (plzno) and that a secondary account isn’t available, there is a workaround.
Login to the DCUI with a “locked” account is allowed. Head over to the console, hit F2 and log in.
Head to Troubleshooting Options and Enable ESXi Shell
Type alt + F1 to launch an ESXi shell from the DCUI, then log in with the same credentials.
Reset the count of failed login attempts
pam_tally2 --user root --reset
Type exit then alt + F2 to return to the DCUI.
Login through the web client and SSH should once again be possible.