Dear all,
I am using the ESXi free edition version 6.0.0 (2494585) and once a week I have a problem with the vSphere client, which cannot connect to the ESXi host. I narrowed the problem down to the new feature to lock accounts using pam_tally in the case of failed logins.
The SSH port is protected by the ESXi host's own firewall, configured via host -> configuration -> Security profiles. There, I defined two IPs for SSH server and vSphere Web Client. Hence, I expect that only the configured IPs can connect to the server. In the auth.log I cannot see any IPs other than the allowed ones. The logins are caused by scripts that always use the same credentials, but every Friday the access is somehow blocked:
2015-10-30T09:39:35Z sshd[3067862]: pam_unix(sshd:session): session opened for user root by (uid=0)
2015-10-30T09:39:35Z sshd[3067861]: User 'root' running command 'some command'
2015-10-30T09:39:35Z sshd[3067862]: User 'root' running command 'some other command'
2015-10-30T09:39:35Z sshd[3067861]: Received disconnect from allowed IP: 11: disconnected by user
2015-10-30T09:39:35Z sshd[3067861]: pam_unix(sshd:session): session closed for user root
2015-10-30T09:39:35Z sshd[3067862]: Received disconnect from allowed IP: 11: disconnected by user
2015-10-30T09:39:35Z sshd[3067862]: pam_unix(sshd:session): session closed for user root
2015-10-30T09:44:34Z sshd[3069026]: Connection from allowed IP port 20228
2015-10-30T09:44:34Z sshd[3069027]: Connection from allowed IP port 20229
2015-10-30T09:44:34Z sshd[3069028]: pam_tally2(sshd:auth): user root (0) tally 117, deny 10
2015-10-30T09:44:34Z sshd[3069037]: pam_tally2(sshd:auth): user root (0) tally 118, deny 10
2015-10-30T09:44:36Z sshd[3069026]: error: PAM: Authentication failure for root from allowed IP
2015-10-30T09:44:36Z sshd[3069027]: error: PAM: Authentication failure for root from allowed IP
2015-10-30T09:44:36Z sshd[3069055]: pam_tally2(sshd:auth): user root (0) tally 120, deny 10
2015-10-30T09:44:36Z sshd[3069064]: pam_tally2(sshd:auth): user root (0) tally 121, deny 10
Do you have any idea what can cause this? I would like to add a dedicated user for each script to identify the cause. Can you tell me which privileges are required for a user to execute any shell script?
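
The following is an added example, not part of the original post: a small Python parser for auth.log lines in the format shown above that reports, per user, the first pam_tally2 line where the tally exceeds deny, the peak tally, and how many authentication failures came from each source address. The sample log lines and the 192.0.2.x addresses are constructed for illustration; the function and variable names are hypothetical.

```python
import re
from collections import Counter

# pam_tally2 line: timestamp, user, current tally, configured deny threshold
TALLY = re.compile(r"^(\S+) sshd\[\d+\]: pam_tally2\(sshd:auth\): "
                   r"user (\S+) \(\d+\) tally (\d+), deny (\d+)")
# sshd failure line: timestamp, user, source address
FAIL = re.compile(r"^(\S+) sshd\[\d+\]: error: PAM: "
                  r"Authentication failure for (\S+) from (\S+)")

def analyze(lines):
    """Per user: first over-threshold time, peak tally, failure sources."""
    report = {}
    def entry(user):
        return report.setdefault(
            user, {"first_locked": None, "peak": 0, "sources": Counter()})
    for line in lines:
        m = TALLY.match(line)
        if m:
            ts, user, tally, deny = m[1], m[2], int(m[3]), int(m[4])
            e = entry(user)
            e["peak"] = max(e["peak"], tally)
            # pam_tally2 denies access once the tally exceeds deny
            if tally > deny and e["first_locked"] is None:
                e["first_locked"] = ts
            continue
        m = FAIL.match(line)
        if m:
            entry(m[2])["sources"][m[3]] += 1
    return report

# Constructed sample; 192.0.2.x are documentation addresses, not from the post
SAMPLE = """\
2015-10-30T09:00:01Z sshd[1001]: Connection from 192.0.2.10 port 40001
2015-10-30T09:00:01Z sshd[1002]: pam_tally2(sshd:auth): user root (0) tally 11, deny 10
2015-10-30T09:00:03Z sshd[1001]: error: PAM: Authentication failure for root from 192.0.2.10
2015-10-30T09:05:01Z sshd[1010]: Connection from 192.0.2.20 port 40002
2015-10-30T09:05:01Z sshd[1011]: pam_tally2(sshd:auth): user root (0) tally 12, deny 10
2015-10-30T09:05:03Z sshd[1010]: error: PAM: Authentication failure for root from 192.0.2.20
2015-10-30T09:10:01Z sshd[1020]: pam_tally2(sshd:auth): user root (0) tally 13, deny 10
2015-10-30T09:10:03Z sshd[1020]: error: PAM: Authentication failure for root from 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for user, e in analyze(SAMPLE).items():
        print(user, e["first_locked"], e["peak"], dict(e["sources"]))
```

When the first tally value found is already far above deny, as with tally 117 in the excerpt above, the lockout started earlier than the lines being parsed, so the input needs to reach further back in the log.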