How to reset the lost or forgotten root password in vCenter Server Appliance without reboot / 6.7u1 / 7.x (2024)

search cancel

How to reset the lost or forgotten root password in vCenter Server Appliance without reboot / 6.7u1 / 7.x / 8.x

book

Article ID: 321369

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article provides steps to reset the root password if you have lost or forgotten the existing root password without reboot / 6.7u1 / 7.x / 8.x


For versions prior to VCSA 6.7 Update 1, seeResetting root password in vCenter Server Appliance 6.5 to 6.7 U1.

Symptoms:

  • Logging in to the root account of vCenter Server Appliance (VCSA) fails.
  • The root account of the vCenter Server Appliance6.7 U1 and later is locked or account is expired.
  • Forgot the root password.
  • The root account password has beenlost or forgotten
  • You are unable to login to vCenter


Note: The above symptoms can also occur on an external Platform Services Controller (PSC) running on vSphere 6.5 and 6.7.

Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x
VMware vCenter Server Appliance 6.7.x

Cause

  • With the change within VCSA 6.7 U1, the SSO user who is part of SystemConfiguration.BashShellAdministrator group will be able to log in to Bash shell and can call any commands using sudo and without password. This aims at reducing the gap between the root and SSO administrator user. The user has to enable shell to log in to the bash shell. By default, the user will be logged into appliance shell.
  • For passwords that have expired, the default vCenter Server Appliance password expires after 90 days. For more information, seeChange the Password and Password Expiration Settings of the Root User

Resolution

Process to Reset the Root Password in VCSA:

  1. Connect SSH to VCSA and login using [emailprotected] where vsphere.local is your default SSO Domain.​​​​​
  1. If first time logging in, enable shell then enter shell.
  • shell.set --enable true
  • shell

How to reset the lost or forgotten root password in vCenter Server Appliance without reboot / 6.7u1 / 7.x (1)

  1. Once in shell as sso-user, run the below command to change to root shell.
    • sudo -i
  2. Unlock the 'root' account using below command if it is already locked due to multiple logins with incorrect password.
    pam_tally2 --user=root --reset

    How to reset the lost or forgotten root password in vCenter Server Appliance without reboot / 6.7u1 / 7.x (2)


    For 8.0 U2 onwards:
    /usr/sbin/faillock --user root --reset

    Note: pam_tally2 is deprecated in Photon 4, use faillock instead

  1. Then once in root shell, run passwd to change the root password.
    • passwd
    • Alternately, you could use the command:sudo passwd root
      • How to reset the lost or forgotten root password in vCenter Server Appliance without reboot / 6.7u1 / 7.x (3)
  2. Confirm that you can access the vCenter Server Appliance using the new root password.
  3. You could set the Root password to never expire in order to prevent this issue by running command: # chage -I -1 -m 0 -M 99999 -E -1 root or at the VAMI( https://<vcenter_fqdn>:5480)

    Note: If you continue to have issues, seeUnable to login to the vCenter Server Appliance shell using root account even after password reset

Additional Information

For 7.0U1 and 6.7U3j there are a few changes:

  1. The Root user will be prompted for resetting the password when they try to SSH to the machine if expired or expiring.
  2. You can also login to VAMI using the SSO administrator and reset the root password from there.
  3. Email notification is sent earlier to prevent from having the Root password expired.
  4. An alarm will be triggered in vsphere-ui to notify the user about the password expiry.
Changes in 8.0 U2 and above versions:

You will get below error while executing pam_tally2 in 8.0 U2 or above versions, as this utility was deprecated in Photon 4 and 8.0 U2 is using Photon 4 version. The alternate utility on Photon 4 is "/usr/sbin/faillock" to unlock the accounts.

"-bash: pam_tally2: command not found"

For more information, see:


You can update the password of the root user in the vCenter Server via appliance shell if account is not locked

Procedure

  1. Access the appliance shell and log in as a user who has a super administrator role.

    The default user with a super administrator role is root.

  2. login using [emailprotected] where vsphere.local is your default SSO Domain.​​​​​
  3. Run the localaccounts.user.password.update --username user name --password command.
  • localaccounts.user.password.update --username root --password

  • Enter and confirm the new password when prompted.

More information: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vcenter.configuration.doc/GUID-523261AF-B36C-4C42-AD0C-8AD8D6AAEFE5.html

Feedback

thumb_up Yes

thumb_down No

Powered by How to reset the lost or forgotten root password in vCenter Server Appliance without reboot / 6.7u1 / 7.x (4)

How to reset the lost or forgotten root password in vCenter Server Appliance without reboot / 6.7u1 / 7.x (2024)

FAQs

How to reset vCenter root password without reboot? ›

Change vCenter Root password without reboot
  1. Step 1: SSH into the vSphere server with putty. ...
  2. Step 2: Log in with your administrator@vsphere.local credentials. ...
  3. Step 3: Use the command from vmware. ...
  4. Step 4: Once that is done you'll get a prompt to change it to whatever you want.
Mar 30, 2021

How to reset root password without reboot? ›

Here are the steps to change the root password when logged in as the root user:
  1. Open a terminal or access the command-line interface: Start by opening a terminal window. ...
  2. Run the passwd command: ...
  3. Enter the new root password: ...
  4. Confirm the new root password: ...
  5. Password change successful:
Apr 20, 2024

How to reset ESXi root password without reboot? ›

Add the host with the forgotten password to the domain. Next, try logging in the ESXi host with the TestUser credentials. Here's how you are to specify the user name: User@Domain or Domain\User. Once you log in the host, go to the Security & users tab to reset the root password.

How to reset root password vCenter Appliance 7? ›

To reset the password you can enter the following command: “passwd”. Now you will be prompted to enter your new password for the root user and repeat this again. Now you can reboot your appliance and login with your new root password.

What is the default root password for vCenter 6.5 appliance? ›

If the vCenter Server appliance is deployed without editing the root password in the Virtual Appliance Management Interface (VAMI), the default GRUB password is vmware.

How do I reset my vmware root password from the console? ›

To reset the root account password, enter the passwd commands in the console. Enter a new password, then reenter the same password to confirm the change. Note: The passwords for all user accounts must meet the following requirements. Passwords must be at least eight characters long.

How do I recover my root password if I forgot it? ›

Linux Guide/Reset a forgotten root password
  1. Shut down the device.
  2. Start it again. ...
  3. In the GRUB boot options, scroll down and locate the line that begins with 'linux'. ...
  4. Press Ctrl+x, or F10, to boot.
  5. You will see a root prompt. ...
  6. Set the password of any user(s). ...
  7. Reboot with the command "reboot -f".

What is the command used to reset root password? ›

Procedure 1 - sudo

You can use the 'id' command to confirm that you are root. Now you can simply use the 'passwd' command to reset the root password. Changing password for root. Type 'exit' to close the root shell when you are done.

How to reset root password with sudo? ›

To change the root password, take the following steps:
  1. Run the passwd command: sudo passwd root.
  2. Enter your account password.
  3. Type in the new root password.
  4. Retype the root password.
Apr 16, 2024

How to recover vmware ESXi 7 root password? ›

To Reset the ESXi Root Password with Host Profile
  1. Login to the vCenter vSphere Client.
  2. Go to Home and then choose Host Profiles from Operations and Policies Section.
  3. Choose > Extract profile from a host.
  4. In the Extract Host Profile menu wizard > Select the host to update the password for.
Aug 27, 2024

How to reset a lost VMware vSphere Replication root password? ›

Step by Step Process to Reset ROOT Password for vSphere Replication Appliance
  1. Press Ctrl+X. It will enter in command prompt to change password. Type below command and press enter. mount -o remount /rw /
  2. Press below command to unlock password. /sbin/pam_tally2 -r -u root.
  3. Press below command to reset password. passwd root.
Jul 24, 2020

How do I change the root password in vmware vCenter? ›

Procedure. In the vCenter Server Management Interface, click Administration. In the Password section, click Change. Enter the current password and the new password, then click Save.

How do I change my ESXi root password? ›

Using the Direct Console User Interface (DCUI)

At the ESXi welcome screen, press F2 to access the System Customization menu. Log in as the root user with the current password. Navigate to "Configure Password" in the menu. Follow the prompts to enter and confirm the new password.

What is the root password policy for vCenter appliance? ›

Root Password Expiration on vCenter VCSA

When you install the vCenter Server Appliance, the password lifetime for root user is set to 365 days (vCenter 6.5 or earlier) or 90 days (vSphere 6.7). So root is also subject to password expiration policy.

How do I login to vCenter as root? ›

In a Web browser, go to the vCenter Server Management Interface, https:// appliance-IP-address-or-FQDN :5480. Log in as root. The default root password is the password that you set while deploying vCenter Server.

How to reset vCenter administrator password? ›

In the vCenter Server Appliance
  1. Connect to vCenter Server Appliance through SSH.
  2. Run /usr/lib/vmware-vmdir/bin/vdcadmintool. ...
  3. Press 3 to enter the Reset account password option.
  4. When prompted for the Account DN, enter: ...
  5. Use the generated password to log in to administrator@vSphere.local account.
Feb 19, 2020

How do I reset my vCenter Server Appliance 5.5 root password? ›

Linux SSO Embedded Installation with vCenter Server Appliance (VCSA) 5.5 :
  1. Navigate to the /usr/lib/vmware-vmdir/bin/ folder : # cd /usr/lib/vmware-vmdir/bin/
  2. Execute command : ./vdcadmintool. ...
  3. Choose option #3 to generate new password.
  4. For Account DN, input : ...
  5. Copy password and save it.
  6. Choose option #0 to exit.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Dr. Pierre Goyette

Last Updated:

Views: 6179

Rating: 5 / 5 (70 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Dr. Pierre Goyette

Birthday: 1998-01-29

Address: Apt. 611 3357 Yong Plain, West Audra, IL 70053

Phone: +5819954278378

Job: Construction Director

Hobby: Embroidery, Creative writing, Shopping, Driving, Stand-up comedy, Coffee roasting, Scrapbooking

Introduction: My name is Dr. Pierre Goyette, I am a enchanting, powerful, jolly, rich, graceful, colorful, zany person who loves writing and wants to share my knowledge and understanding with you.