VMware – Reset the root password for VCSA 6.x


To totally unlock this section you need to Log-in


Login

Usually, it's a good practice to store all passwords in something like KeePass or some other password management tool. You also could write down credential details in the annotation or notes field for any VM you have created. This serves as a quick self-reminder whenever you need to log on a VM and also help users access a VM when required (as an emergency).

VMware - Reset the root password for VCSA 6.x

A day, you could found yourself trying to log in as root on a VCSA you had recently set up and not recall the password (very bad).

Disclaimer: we tested the procedure on VCSA 6.0 U2 and VCSA 6.5. In theory, it should work on earlier releases but we did not have the time to test this out on every version released to date. Do so at your own risk and always back up the appliance before effecting any changes.

VCSA 6.5 - vCenter Server Appliance

First, shut down the VCSA and take a snapshot.

  • Start the appliance up and press the space bar to freeze the GRUB menu. Note that you need to be somewhat quick here.
  • Press e to enable edit mode.
  • Append rw init=/bin/bash to the list of options as shown in following figure.

VMware - Reset the root password for VCSA 6.x

Press F10 to reboot. The appliance will now boot up in bash or root shell.

Type passwd to change the root password. Type it twice and press Enter to confirm.

Optionally, you can unmount the file system using umount /.

VMware - Reset the root password for VCSA 6.x

Reboot the appliance using the power options from the VMRC or vSphere Client menu.

VMware - Reset the root password for VCSA 6.x

You should now be able to log in with root using the new password.

VCSA 6.0 Update 2

The process is very similar to the one for VCSA 6.5. First, shut down the VCSA and take a snapshot.

Press the space bar to freeze the GRUB menu.

Press p and type in the password to unlock the advanced features in GRUB (refer to The GRUB Password section further down).

VMware - Reset the root password for VCSA 6.x

Press e to enable Edit mode. Select the entry starting with “kernel /vmlinuz-...” and press e once more.

VMware - Reset the root password for VCSA 6.x

Append init=/bin/bash to the kernel boot options:

VMware - Reset the root password for VCSA 6.x

Press Enter followed by b. This reboots the appliance in single-user mode. Type in the passwd command. Type in the new password twice and press Enter to confirm.

VMware - Reset the root password for VCSA 6.x

Reboot the appliance using the power options from the VMRC or vSphere client. Alternatively, you can use the reboot shell command. If this fails, run mkfifo /dev/initct first followed by reboot -f.

The GRUB Password

The GRUB password is by default set the same as that for root (in some cases as vmware). At no point during the vCSA installation do you get to set the GRUB password and you also cannot skip setting one for root.

VMware - Reset the root password for VCSA 6.x

Well, you are faced with two issues if you happen to lose or forget the root password. It logically follows that if you’re locked out from making changes to GRUB, there is no way you can reset the root password.

Changing the root password and expiration settings

There will be times where you will not be able to log in as root despite being sure that you’re typing in the correct password. This will occur whenever the root password expires after the default password lifetime of 365 days. Additionally, it is very common to set the expiration period to 90 days or less to tighten up security. You can disable password expiry altogether but this is definitely not recommended.

The root password and expiry settings are easily managed using VAMI which you will access via this https://:5480 link. The following figure shows the root account management pages for VCSA 6.0 U2 and 6.5 respectively.

VMware - Reset the root password for VCSA 6.x

VMware - Reset the root password for VCSA 6.x

Alternatively, use the chage command from the ESXi shell as shown in Figure 11 which consists of a screen grab of the root settings in VAMI next to a screen grab of the VCSA VM’s console while in shell. Here’s a step by step explanation of the commands used.

  1. chage -l root : Displays the account details for root which include the account and password expiry dates, the date at which the password was last changed, etc.
  2. passwd : This command simply prompts you to change the password of the currently logged on user, which in this case happens to be root.
  3. chage -M 30 root : Here we have used the chage command to set the password expiration period to 30 days from when the password was last changed.
  4. Same as (1). You can see that the “Maximum number of days between password change“ value – which is a bit misleading – is now set to 30. The change is also reflected in the VAMI settings screens when it is refreshed.

VMware - Reset the root password for VCSA 6.x

As always, make sure to take a snapshot or a backup of the VCSA appliance when committing these type of changes. This allows you to quickly revert to a working vCSA instance should you hit a dead end.