Windows OS Hub / Virtualization / VMWare / Reset Root Password in VMware ESXi

October 6, 2023 VirtualizationVMWare

Reset Root Password in VMware ESXi

According to the official VMware documentation, reinstalling ESXi from scratch is the only supported way to reset the root password (https://kb.vmware.com/s/article/1317898). You can also reset your password using Host Profiles (vCenter and Enterprise Plus license required). However, your ESXi host configuration will be completely lost after a reinstall. Virtual machine data and configuration files remain on the VMFS/NFS datastore and can be quickly imported to the host after reinstallation.

Actually, you can reset the root password on VMware ESXi without reinstalling if you boot your host using any Linux boot/rescue disk. It’s not difficult.

Contents:

If you have forgotten your root password, you will not be able to authenticate as root using the DCUI or the VMware Host Client web interface:

Authentication failed
Invalid login or password.

ESXI DCUI: unable to login as root

How to Reset ESXi Password Using Linux Live CD

ESXi stores user passwords (or rather their hashes) in the /etc/shadow file, which is stored in the local.tgz archive, which is archived in state.tgz. In theory, you could retrieve and decrypt the root password hash from this file, but this is only feasible for simple passwords. So it is better to set a blank current root password in the shadow file or replace it with the hash of a password you know.

Boot your ESXi host from any Linux LiveCD and open the console.

List disk partitions:

# fdisk –l

We need /dev/sda5 (in VMware terms, it is called bootbank) and /dev/sda6 (contains altrbootbank) partitions with the size of 1 GB in ESXi 7.x (in previous ESXi versions, the size of these partitions was 250 MB).

ESXi system partitions: sda5 and sda6

First, reset a password in the ESXi configuration in /dev/sda5. Create mount points and a directory for temporary files:

# mkdir /mnt/sda5
# mkdir /mnt/sda6
# mkdir /temp

Mount /dev/sda5:

# mount /dev/sda5 /mnt/sda5

Copy state.tgz file from sda5:

# cp /mnt/sda5/state.tgz /temp
# cd /temp

Unpack state.tgz:

# tar xzf state.tgz

There is another local.tgz archive inside, unpack it as well:

# tar xzf local.tgz

The etc folder appears in the current directory.

Edit the shadow file using any text editor:

# nano /temp/etc/shadow

This file contains the password hashes of the local ESXi users.

esxi root password hash in /etc/shadow

To remove the current password and set a blank password for root, clear the hash value. It should look like this:

Reset the ESXi root password to a blank one

Save your changes to the file, delete the old tgz archives, and repack them all:

# rm *.tgz
# tar czf local.tgz etc
# tar czf state.tgz local.tgz

Replace the state.tgz file on the sda5 ESXi partition:

# mv state.tgz /mnt/sda5

Unmount the partition:

# umount /mnt/sda5

In the same way, set a blank password in the passwd file on the sda6 partition (you should now be able to connect to ESXi with an empty root password).

Now you can restart your ESXi host and remove the bootable flash drive/image. You can connect to ESXi with an empty root password.

This password reset method works for all versions of ESXi (5.x, 6.x, 7.x, and 8.x) including the free VMware Hypervisor.

Be sure to set a new root password after signing in.

Reset ESXi Root Password Using VMware Host Profiles

If you have deployed vCenter and have installed vSphere Enterprise Plus licenses on hosts, you can reset the root password on any managed host using VMware Host Profiles. In this scenario, to apply VMware profile settings (and new root password) to an ESXi host, the vpxa privileged account is used, which is added when connecting a host to vCenter. This method allows you to reset the root password without rebooting the ESXi host.

  1. Connect to your vCenter and go to Policies and Profiles -> Host Profiles -> Extract Host Profile; VMware vCenter: Extract Host Profile
  2. Select your ESXi host and specify the name of the profile you want to save the settings to;
  3. Click on the profile and select Edit Host Profile;
  4. Go to Security and Services -> Security Settings -> Security -> User Configuration -> root;
  5. Set a new root password in the Fixed password configuration; Reset ESXi root password using vCenter Host Profile
  6. Then apply the profile to your ESXi host. It is recommended that you enable the maintenance mode for it (Maintenance Mode -> Enter Maintenance) and move all virtual machines to other hosts;
  7. Attach the profile to the host (Host profiles -> Attach Host Profile); Attach host profile in vCenter
  8. Then go to Host Profiles, select your profile, and click Remediate;
  9. To apply profile settings (including the new password), click Remediate again; Remediate a host profile in VMware vCenter
  10. The root password on your ESXi host is reset and you can take the host out of maintenance mode.

0 comment
4
Facebook Twitter Google + Pinterest

Related Reading

How to Fix ‘An Operating System Wasn’t Found’...

July 14, 2023

Unmounting an NFS Datastore from VMware ESXi

April 21, 2023

How to Increase Virtual Machine Disk Size in...

April 6, 2023

How to Install Free VMware Hypervisor (ESXi)

January 24, 2023

Using VMware Converter for P2V Migration (Physical to...

October 19, 2022

Leave a Comment