Resetting root password in vCenter Server Appliance 6.5 / 6.7 / 7.x (2147144)


Last Updated: 4/5/2021Categories: TroubleshootingTotal Views: 485950 172 subscribe
Skyline Health Diagnostics (SHD) is a tool that analyses log files to detect known issues and recommend solutions/KBs. Benefits include:
  • Instant resolution to known issues that occur in your vCenter/vSphere environment
  • Significant reduction of time and efforts in resolving issues faced by Admins
  • Stability of your vSphere environments
It is highly secure and doesn’t require online connectivity. Please visit here for more details on SHD, including downloading and installation of this tool.
 Symptoms
  • The root account password of VMware vCenter Server Appliance fails
  • The root account of the vCenter Server Appliance 6.5 and above is locked or account is expired
  • The root account password has been lost or forgotten
Note: The above symptoms can also occur on an external Platform Services Controller (PSC) running on vSphere 6.5 and 6.7.
 Purpose
This article provides steps to reset a lost, forgotten, or expired root password for a vCenter Server Appliance (or external PSC) 6.5 and later.

Important: This article is explicitly for the vCenter Server Appliance (and external PSC 6.5 and 6.7) 6.5 and later.

For previous versions, see: Resetting root account password of vCenter Server Appliance 6.0

 Cause
For passwords that have expired, the default vCenter Server Appliance password expires after 90 days. For more information, see Change the Password and Password Expiration Settings of the Root User
 Resolution

Process to Reset the Root Password in VCSA:

Note: 6.7U1 and later has a simpler method to reset the password, see How to reset the lost or forgotten root password in vCenter Server Appliance 6.7 U1 and laterTo reset the root password for the vCenter Server Appliance:

  1. Take a snapshot or backup of the vCenter Server Appliance before proceeding.
Caution: Do not skip this step
Note: If the vCenter Appliance is on the same ESXi hosts it manages. Connect directly to the ESXi host that it is located on to perform these steps.
  1. Reboot the vCenter Server Appliance.
  2. After the VCSA Photon OS starts, press the e key to enter the GNU GRUB Edit Menu.
  3. Locate the line that begins with the word Linux.
  4. Append these entries to the end of the line:rw init=/bin/bash

    The line should look like the following screenshot:   

     

  5. Press F10 to continue booting.
  6. Run the command
mount -o remount,rw /
  1. In the Command prompt, enter the command passwd and provide a new root password (twice for confirmation):
passwd
  1. Unmount the filesystem by running this command (yes, the unmount command is umount  –  it’s not a spelling error):
umount /
  1. Reboot the vCenter Server Appliance by running this command:
reboot -f
  1. Confirm that you can access the vCenter Server Appliance using the new root password.
  2. Remove the snapshot taken in Step 1 if applicable.
  3. You could set the Root password to never expire in order to prevent this issue by running command:         chage -I -1 -m 0 -M 99999 -E -1 root  or at the VAMI  ( https://<vcenter_fqdn>:5480)

Note: If you continue to have issues, see Unable to log in to the vCenter Server Appliance shell using root account even after password reset

 Related Information

For 7.0U1 and 6.7P03 there are a few changes:

  1. The Root user will be prompted for resetting the password when they try to SSH to the machine if expired or expiring.
  2. You can also login to VAMI using the SSO administrator and reset the root password from there.
  3. Email notification is sent earlier to prevent from having the Root password expired.
  4. An alarm will be triggered in vsphere-ui to notify the user about the password expiry.

For more information, see:

For translated versions of this article, see: