vCenter appliance: Quickest way to reset root password

Symptoms

For versions prior to VCSA 6.7 Update 1, see Resetting root password in vCenter Server Appliance 6.5 to 6.7 U1.

  • Logging in to the root account of vCenter Server Appliance (VCSA) fails.
  • The root account of the vCenter Server Appliance 6.7 U1 and later is locked or the account has expired.
  • Forgot the root password.

Purpose

This article provides steps to reset the root password if you have lost or forgotten the existing root password for a VCSA 6.7U1 and later.

Cause

Starting with VCSA 6.7 U1, an SSO user who is a member of the SystemConfiguration.BashShellAdministrator group can log in to the Bash shell and run any command with sudo without being asked for a password. This is intended to reduce the gap between root and the SSO administrator user. The user must enable the shell before logging in to Bash; by default, the user is logged in to the appliance shell.

Resolution

Process to Reset the Root Password in VCSA:

  1. Connect to VCSA 6.7 over SSH and log in as administrator@vsphere.local, where vsphere.local is your default SSO domain.
  • If SSH is disabled, enable it using the VAMI ( https://<vcenter_fqdn>:5480 ).
  • You can log in as administrator@vsphere.local or any other member of the SSO administrators group.
  • See Enable or Disable SSH and Bash Shell Access.
  2. If this is the first time logging in, enable the shell and then enter it.
  • shell.set --enable true
  • shell
  3. Once in the shell as the SSO user, run the command below to switch to a root shell.
  • sudo -i
  • Alternatively, you could use the command: sudo passwd root
  4. Once in the root shell, run passwd to change the root password.
  • passwd
  5. You can now exit the session by running the exit or logout command and then log in through a new SSH session using your root account with the updated password. Alternatively, you could run the su command to be prompted for the root password and get access as root.
Note: If the administrator@vsphere.local password is not available, please refer to Resetting root password in vCenter Server Appliance 6.5 and later.
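
To confirm after the reset that root will not expire again unnoticed, the aging data can be checked from the root shell. The script below is an added example, not part of the original article: it assumes chage and GNU date are available on the appliance, the function names are hypothetical, and the sample output is constructed.

```bash
# Constructed sample of `chage -l root` output (not captured from a real appliance).
SAMPLE_CHAGE='Last password change                      : Sep 10, 2024
Password expires                          : Dec 09, 2024
Password inactive                         : never
Account expires                           : never
Maximum number of days between password change    : 90'

# password_expiry_days <chage-output> <now-epoch>
# Prints "never", "must-change", "unparseable", or whole days until expiry
# (zero or negative: the expiry date is reached or less than a day away).
password_expiry_days() {
    local out="$1" now="$2" expires exp_epoch
    # Value after the colon on the "Password expires" line.
    expires=$(printf '%s\n' "$out" |
        sed -n 's/^Password expires[[:space:]]*:[[:space:]]*//p' | head -n 1)
    case "$expires" in
        never) echo never; return 0 ;;
        'password must be changed') echo must-change; return 0 ;;
        '') echo unparseable; return 2 ;;
    esac
    # GNU date parses the "Mon DD, YYYY" form that chage prints.
    exp_epoch=$(date -u -d "$expires" +%s 2>/dev/null) || { echo unparseable; return 2; }
    echo $(( (exp_epoch - now) / 86400 ))
}

# password_expiry_state <chage-output> <now-epoch> [warn-days, default 14]
# Prints OK, WARN, EXPIRED or UNKNOWN; a forced change counts as EXPIRED.
password_expiry_state() {
    local days
    days=$(password_expiry_days "$1" "$2") || { echo UNKNOWN; return 2; }
    case "$days" in
        never) echo OK ;;
        must-change) echo EXPIRED ;;
        *) if [ "$days" -le 0 ]; then echo EXPIRED
           elif [ "$days" -le "${3:-14}" ]; then echo WARN
           else echo OK; fi ;;
    esac
}

# On the appliance, as root:
#   password_expiry_state "$(chage -l root)" "$(date -u +%s)"
```
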

Related Information

For 7.0U1 and 6.7P03 there are a few changes:

  1. The root user will be prompted to reset the password when they try to SSH to the machine if the password is expired or expiring.
  2. You can also log in to VAMI as an SSO administrator and reset the root password from there.
  3. An email notification is sent earlier to help prevent the root password from expiring.
  4. An alarm will be triggered in vsphere-ui to notify the user about the password expiry.

How to reset the lost or forgotten root password in vCenter Server Appliance 6.7 U1 and later (75174) (vmware.com)
