[Quicktip] Rest root password in VMware vCenter VCSA - since 6.7 U1(!)

  • 15 April 2021
  • 8 comments
  • 1366 views

Userlevel 7
Badge +7
  • Veeam Legend, Veeam Vanguard
  • 875 comments

It is not uncommon to reset root password in VMware VCSA (vCenter Service Appliance). This can be necessary when account is locked or password is expired. Normally, you have to shut it down, enter GRUB and edit start parameter to boot into bash. There you can reset root password. Afterwards you boot VM again. Here is the link to this procedere: https://kb.vmware.com/s/article/2147144

With vCenter 6.7 U1 it us much easier! Since then it is possible to use a Single-Sign On (SSO) administrator account (for example: administrator@vsphere.local) to login to Appliance Interface (Port 5480) and shell. And exactly this can be used to reset the root password. In short it goes like this: 

  1. Take a snapshot/backup of VCSA - it is always a good idea to start with a backup 
  2. Login as a SSO-administrator using a SSH client or console.
  3. Enable and start shell:
    1. shell.set --enable true
    2. shell
  4. Change root password

    1. sudo passwd root​​​​​​​​
  5. Done

Here is the link to the more detailed VMware KB-article: https://kb.vmware.com/s/article/75174.

I had this finding these days, maybe it is new for some of you too.


8 comments

Userlevel 7
Badge +6

Thanks for sharing, makes it easier 😀 though probably less secure as it’s any SSO user with certain permissions from the looks of that article.

 

Also an interesting note:

“For 7.0U1 and 6.7P03 there are a few changes:

 

You can also log in to VAMI using SSO administrator and reset the root password from there.”

 

Interesting to see it’s not just root that can log into VAMI now!

Userlevel 7
Badge +7

Thanks for sharing, makes it easier 😀 though probably less secure as it’s any SSO user with certain permissions from the looks of that article.

 

Also an interesting note:

“For 7.0U1 and 6.7P03 there are a few changes:

 

You can also log in to VAMI using SSO administrator and reset the root password from there.”

 

Interesting to see it’s not just root that can log into VAMI now!

You are right, since 6.7 U3 (Build 16713306) and 7.0 U1 you can reset password in VAMI too. Before this, there is no user administration available for other users than root.

Userlevel 7
Badge +1

Nice one vnote!

Userlevel 6
Badge +3

is there anything change for V7.0 ?

Userlevel 7
Badge +7

is there anything change for V7.0 ?

Not really. This works since 6.7 U1.

Userlevel 6
Badge +3

oops. would you please suggest anything for u7.x?

Userlevel 7
Badge +7

oops. would you please suggest anything for u7.x?

do not let your password expire ;)

 

Userlevel 6
Badge +3

oops. would you please suggest anything for u7.x?

do not let your password expire ;)

 

I thing so that's is okay 

Comment