Mark III Systems Blog

Quick Tip – Reset vCenter root password – Ken Shelton

The vCenter Server Appliance Management Interface or VAMI for short is one of those forgotten pieces of the vSphere infrastructure until it is needed. It is not accessed frequently and therefore it tends to be forgotten about. But eventually you will need to perform an upgrade, backup, change NTP or DNS settings on your vCenter server – and this is all done from the VAMI. So, you go to login, and you see the following:

VMware V Center Server Management

That is right, a few years ago, VMware implemented a password expiry policy of 90 days for the root user account on the vCenter Server Appliance or VCSA for short. Love the acronyms, right? So, since the VAMI is used so infrequently, the 90 days tends to come and go and completely catch VMware admins off guard when they need to access it. Fortunately, this is an easy problem to solve. I will walk you through the steps on vCenter 7.0. If you are running a previous version, these steps may not work for you, but I do provide some additional resources below.

Open PuTTY and SSH to the VCSA
Putty Configuration Once logged in, you will launch the BASH shell by simply running the command “shell”

Example of Bash Shell

Resetting the password now is as simple as running the “passwd” command and supplying a new unique complex password.

Password Reset

Once the root account password is reset, you should now be able to login to the VAMI.
managemetn

Now if SSH happens to be disabled, all hope is not lost. Here is some additional information and resources to get you going:

For vCenter 7.0U1 and 6.7P03 there are a few changes:

  • The root user will be prompted for resetting the password when they try to SSH to the machine if expired or expiring. In my example above, the password was not expired. Had it been, I would have been prompted to change when logging in via SSH.
  • You can login to VAMI using SSO administrator and reset the root password from there. So, this means you can login to the VAMI as administrator@vsphere.local or any other member of the SSO administrators group and reset the password from there.
  • You can also SSH to the VCSA and login with the administrator@vsphere.local or any other member of the SSO administrators group as well. Doing this, you can follow the procedure outlined above.

Here are some KB’s for reference just in case you need them:

How to reset the lost or forgotten root password in vCenter Server Appliance 6.7 U1 and later (75174)
https://kb.vmware.com/s/article/75174

Resetting root password in vCenter Server Appliance 6.5 / 6.7 / 7.x (2147144)

https://kb.vmware.com/s/article/2147144