Join the party. This happens regularly and for no apparent reason. I have Nutanix in a completely isolated test environment and it happens all the time. Depending where you are at in the process this may work.

allssh sudo faillock --user admin --reset

What is odd to me is that even though you cannot log into the web interface as admin due to too many failed logins, you can still ssh using the same account.

Most of the times, this is due to some third party application (or scripts somewhere) that are using the admin account with an old password. That is why you should always use a separate account for this. 

I have since remedied the issue I was having and it was backup software using an old password. I am interested in the findings I made while troubleshooting the issue.

I was able to ssh into the box as admin (even though webUI was locked out) but I was unable to execute any commands with sudo. I had to ssh login as nutanix then I could run the faillock reset via sudo. Once I had done that and logged back in as admin, I could then run the sudo commands successfully. I don’t understand the disconnect. If nutanix user was not available I would have been stuck.

I have added another user for backup purposes.

Hello everyone, thank you for your reply.

I'd like to provide an update on the issue.

The error message later changed to 'Incorrect password.'

After changing the admin password via SSH, I was able to log in successfully.

However, the same issue occurred the next day, and checking the password change time (chage -l admin) revealed that it had been reverted to an earlier date.

This issue has now been resolved through Nutanix support;

it’s possible that another user changed the admin password, and the backup software continued using the old password, causing this problem.

The issue was resolved by guiding the process of resetting the admin password on all CVMs via SSH and executing cluster_sync restart.

Additionally, a new account was created for the backup software to use.

I suggest integrating Prism with Active Directory and utilizing AD-based third-party service accounts in an RBAC approach.

Right...and if you don’t use Active Directory? Not everywhere is a Microsoft stronghold.

The actual issue was a backend process within Nutanix. Patching to the latest versions has cleared it up.