Quick Tip – Reset vCenter root password – Ken Shelton
The vCenter Server Appliance Management Interface or VAMI for short is one of those forgotten pieces of the vSphere infrastructure until it is needed. It is not accessed frequently and therefore it tends to be forgotten about. But eventually you will need to perform an upgrade, backup, change NTP or DNS settings on your vCenter server – and this is all done from the VAMI. So, you go to login, and you see the following:
That is right, a few years ago, VMware implemented a password expiry policy of 90 days for the root user account on the vCenter Server Appliance or VCSA for short. Love the acronyms, right? So, since the VAMI is used so infrequently, the 90 days tends to come and go and completely catch VMware admins off guard when they need to access it. Fortunately, this is an easy problem to solve. I will walk you through the steps on vCenter 7.0. If you are running a previous version, these steps may not work for you, but I do provide some additional resources below.
Open PuTTY and SSH to the VCSA
Once logged in, you will launch the BASH shell by simply running the command “shell”
Resetting the password now is as simple as running the “passwd” command and supplying a new unique complex password.
Once the root account password is reset, you should now be able to login to the VAMI.
Now if SSH happens to be disabled, all hope is not lost. Here is some additional information and resources to get you going:
For vCenter 7.0U1 and 6.7P03 there are a few changes:
- The root user will be prompted for resetting the password when they try to SSH to the machine if expired or expiring. In my example above, the password was not expired. Had it been, I would have been prompted to change when logging in via SSH.
- You can login to VAMI using SSO administrator and reset the root password from there. So, this means you can login to the VAMI as email@example.com or any other member of the SSO administrators group and reset the password from there.
- You can also SSH to the VCSA and login with the firstname.lastname@example.org or any other member of the SSO administrators group as well. Doing this, you can follow the procedure outlined above.
Here are some KB’s for reference just in case you need them:
How to reset the lost or forgotten root password in vCenter Server Appliance 6.7 U1 and later (75174)
Resetting root password in vCenter Server Appliance 6.5 / 6.7 / 7.x (2147144)