[Quicktip] Rest root password in VMware vCenter VCSA - since 6.7 U1(!)

It is not uncommon to reset root password in VMware VCSA (vCenter Service Appliance). This can be necessary when account is locked or password is expired. Normally, you have to shut it down, enter GRUB and edit start parameter to boot into bash. There you can reset root password. Afterwards you boot VM again. Here is the link to this procedere: https://kb.vmware.com/s/article/2147144

With vCenter 6.7 U1 it us much easier! Since then it is possible to use a Single-Sign On (SSO) administrator account (for example: administrator@vsphere.local) to login to Appliance Interface (Port 5480) and shell. And exactly this can be used to reset the root password. In short it goes like this: 

1. Take a snapshot/backup of VCSA - it is always a good idea to start with a backup 
2. Login as a SSO-administrator using a SSH client or console.
3. Enable and start shell:
   1. shell.set --enable true
   2. shell

4. Change root password

   1. sudo passwd root​​​​​​​​
5. Done

Here is the link to the more detailed VMware KB-article: https://kb.vmware.com/s/article/75174.

I had this finding these days, maybe it is new for some of you too.