Information
The ESXI host must enforce password complexity. Based on recommendations such as NIST 800-63B Section 5.1.1.2, it is suggested that composition rules, such as mandating mixtures of character classes, should not be enforced on systems as they often fail to enhance password security and discourage the adoption of more secure passphrases. Password strength and complexity rules are applicable to all ESXi users, including the root user. However, when the ESX host is joined to a domain, these rules do not apply to Active Directory (AD) users as password policies for AD users are enforced by the AD system.
Solution
Get-VMHost -Name $ESXi | Get-AdvancedSetting Security.PasswordQualityControl | Set-AdvancedSetting -Value "similar=deny retry=3 min=disabled,disabled,disabled,disabled,15 max=64"