Everyone knows the situation where you can’t log into a system because you have forgotten the password. The following article explains how to reset the password and regain access to VMware vSphere 6.5 core components including vCenter, SSO and ESXi Hosts.
- Reset vCenter Server Appliance 6.5 root password
- Reset SSO Administrator Password (vCenter Server Appliance 6.5)
- Reset ESXi root password with Host Profiles
- Gain Administrative ESXi access with an Active Directory
- Reset ESXi root password (Linux Live CD)
Reset vCenter Server Appliance 6.5 root password
The following method provides steps to recover the vCenter Server Appliance (vCSA) root password. The process is slightly different compared to previous versions as the OS has been changed to PhotonOS. The method is officially supported by VMware and documented in KB2147144.
- Take a snapshot of the vCSA to be able to rollback in case of any problems during password recovery.
- Connect to the ESXi Host that runs the vCSA and open a remote console.
- Reboot the vCSA
- Press e immediately after the system starts (When the PhotonOS screen shows up)
- Append rw init=/bin/bash to the line starting with linux
- Press F10 to boot
- In the command prompt, enter passwd and enter a new root password twice
- Enter umount / to unmount the root filesystem
- Reboot the vCSA by running the command reboot -f
- Verify that you can log in with the new root password and the snapshot created in step 1.
Reset SSO Administrator Password (vCenter Server Appliance 6.5)
The following method provides steps to recover the SSO administrator password on a vCenter Server Appliance (vCSA). The method is officially supported by VMware and documented in KB2146224.
- Log in to the vCSA using SSH as root
- Enter shell to start the bash shell
- Identify the SSO Domain Name (Default is vsphere.local)
# /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost
- Start the vdcadmintool
- Press 3 (Reset account password)
- The tool asks for the Account UPN to reset. Enter Administrator@<DOMAIN> (identified in Step 3)
- The tool generates and displays a new password.
- Use the password to log in with the vSphere Web Client and change the password.
Reset ESXi root password with Host Profiles
According to VMware KB1317898, “reinstalling the ESXi host is the only supported way to reset a password on ESXi”. However, there is a loophole as you can set the root password with Host Profiles under certain conditions. This method has two requirements:
- The ESXi hosts needs to be managed by a vCenter
- vSphere Enterprise Plus License is required to use Host Profiles
The vCenter uses a vpxuser to communicate with ESXi hosts, so it does not depend on the root account. As long as the ESXi host is managed by the vCenter, you can change the configuration without knowing the ESXi root password. This method works with all ESXi 5.x and 6.x versions.
- Create a Host Profile with the ESXi you want to reset the root password as reference Host
Web Client > Right-Click the ESXi Host > Host Profiles > Extract Host Profile…
- Navigate to the Host Profile and Actions > Edit Settings…
- Navigate to the root User Configuration
Security and Services > Security Settings > Security > User Configuration > root
- Set the Password configuration to Fixed password configuration and enter a new password.
- Click Finish to close the profile configuration
- Right-Click the Host Profile and Attach/Detach Hosts and Clusters…
- Highlight the ESXi host, Click Attach > and finish the configuration screen
- Put the ESXi host into maintenance mode
- Right-Click the ESXi host and Host Profiles > Remediate…
- Finish the remediation wizard. The remediation should take less than a minute, no reboot is required.
- Use the new root password to login