VMware vSphere

i have problem with my vmware esxi 7.0.1 root password. we changed it but did not keep record of the new one and it was lost. we need to reset the password.

i have several vm machines and i do not want to lose them.

i tried upgrading to newer version(tried it on other stand alone server not the one i have problem with) but did not work since it did not ask for a new root password.

i can not restart or shutdown since i wont be able to turn on my vm machines again and i will get in big problem.

is there a way to reset the root password without losing my vm machines? 

Thread reported so moderators know it should be moved to the area for ESXi.

I can't remember which area you posted your thread in originally, but if you look at the path towards the top of the page you'll see it was moved by a moderator:

Are you on vCenter by chance?  If so, then you can use Host Profiles to reset the root password.  Otherwise, you can re-install ESXi with a new password and it won't reformat the VMFS drives, if you have ESXi on a separate drive(s) from the VM datastore.  If they are intermingled, I would export the VMs and then re-install, re-import the VM.

hi thanks for your reply. no i am not on vcenter.

Reinstalling ESXI keeps my VM drives? no risk at all?

they are all on the same drive.

Reinstall with new password worked for me. All VM machine remained and no harm. 

Thanks for all the help from everyone

Hi CompuAnnan, how did you do this? did you boot the server with a boot disk and go through the process of reinstall? 

This is frequently stated without including the caveat regarding the need for the correct licensing.

The licensing for vSphere Essentials and Essentials Plus includes vCenter, but does not include access to creating Host Profiles.

I don't know if vSphere Standard includes it or not.

Hi,

he is right, it is true that using host profiles "solves the problem" but as long as the licenses available are at the enterprise (plus) level, at least that's what it says on the documentation.

But forgive me, immediately after installation, configuring an account functionally equivalent to the default account "root" (= administrator) and then use that new account, takes a few minutes, just as it takes to take note of the credentials, (maybe) print them and keep them in a safe place.

Regards,
Ferdinando

True, but that user only exists in the vCenter environment, not on the host hardware itself.
If, like me, you use a terminal session to install updates to the host hardware, you'll need the root password on the host hardware.

OP is talking about the ESXi root password

"i have problem with my vmware esxi 7.0.1 root password"

I did not say never to use the "root" account again, but having an alternative account with the same "identical" privileges allows you to use "root" account as little as possible, allows you to "reset" the latter account password without particular problems and avoids "being cut off" in case the root account is blocked for one reason or another.

Regards,
Ferdinando

 
I completely agree with you,
Sadly, since that preemptive measure was not taken, the owner of the original post does not have that option.

,

I will tell you, every now and then on this or other forums the question of how to "reset the password of the root account of an ESXi host" is not uncommon as it is not common setting up an alternate account because so much can be remedied with the vCenter object or the Active services Directory.

Instead, I am of the idea that infrastructures built around vSphere (but not only them) should be as independent as possible any other service provided by virtual machines placed on them or not. I am getting old now but I got into the habit of not using on principle (or at least as little as possible) default administrative accounts a few decades ago.

Regards,
Ferdinando

i managed to reset the password using a new installation of VMWare ESXI but with option to keep the existing VM machines.

All vm-machines were saved and I could add them again without any problem.

Everything worked well for me and still working all fine till now.

I hope others who need root password reset would benefit from my post.

Excellent!

The only down-side to this is you lose all of the network configurations on the host server (vSwitches, vKernels, etc...).
This may also extend to any devices you have in pass-through mode.

It's pretty easy to backup the ESXi configuration using PowerCLI, so that shouldn't be a concern.  Another method to ensure that you can always get into the console is to enable SSH and use a SSH Public Key and disallow the user of the root password for SSH.  This does require SSH to always be on and such, but as long as the Management Network is on an isolated subnet, then the risks are mitigated.  Otherwise, schedule a task to run every night to dump the ESXi configuration to a static file and use that as a backup.

Host Profiles is another really nice method to manage and reset host settings, including the root password.  There's some limitations and caveats to using Host Profiles, and personally I have never used them as I find them very cumbersome and use PowerCLI instead, but that's an option.

There's also something like SecretServer or Okta, which are Enterprise Password Managers that not only store the password, but also rotate the passwords on a certian frequency and can manage access to that password.  This is the best option in my opinion becuase it keeps the passwords rotated, audits who access what password, and has good ACL built in.

Lastly, there is this article, which involves some hoop jumping to modify the shadow file on the ESXi host, resetting the password to blank and allowing you to reset things.  I have never tried this article, but have always meant to as it seems sound but is not for the faint at heart by any means.

Hi,

Excuse me, I'm afraid the article indicated that it would like to edit the "shadows file" now is of little use because the "state.tgz" file is encrypted, AFAIK (I could be wrong) since version 7.02 of the ESXi product.

Regards,
Ferdinando

Hi

i have lost root password for the esxi 7 , which is not  managed by vcenter server,

could you please tell me the step by step to recover the root password so it's help me to resolve

If you can't get into the console, it's a re-install, otherwise you can use the 'passwd root' command to change it.

As  already reffered. You can do it with Host profile.

Here the KB: https://kb.vmware.com/s/article/68079

LILO?

If your Esxi server is managed by vCenter we can use PowerCLI to reset your Password. This wont cause any downtime.