vSphere Upgrade & Install

 View Only
Expand all | Collapse all

VMware ESXi 7.0.3 will not let me change root password

  • 1.  VMware ESXi 7.0.3 will not let me change root password

    Posted 24 days ago

    Hello everyone,

    I've run into a problem with my ESXi server. I went to login to its browser the other day to find that the password has expired with no option to change it. So I attempt to log directly into the box where i'm prompted to change  the password. When I go to change it though, it always says that the password doesn't meet the password complexity requirements. I've tried to create a password IAW this link ESXi Passwords and Account Lockout (vmware.com), but no matter what it always says it doesn't meet the complexity requirements.

    Any thoughts? I've booting into a live linux distro and mounting the file system as a work around, but that seems to not work as VMware might've put the stop to that by encrypting certain parts of the its file.

    Respectfully,

    Alex



  • 2.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 24 days ago

    Hi Alex, 

    Have you applied any STIG's or security settings to your ESXi host? Typically ESXi hosts allows you to change your password to something different 5 times before you can change it back to what it was. That being said, you probably need some upper case, lower case, symbols, and numbers if any security settings have been applied. 

    Please let us know if you have enabled any security or STIG'ed your host. 



    ------------------------------
    Please mark as Recommended if this solved your problem. This will help the community find solutions to their problems as well.

    MORE LOGS, MORE SCREENSHOTS, MORE DETAILS = Easier To Help You :D

    I have super ODC, so excuse my excessive formatting.
    ------------------------------------------------------------
    VCP-DCV 8.x | VCP-DCV 6.x | CompTIA A+, Net+, Sec+, Proj+, Server+ | MCSE | MCSA | MCITP
    ------------------------------



  • 3.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 24 days ago

    Hi Casey,

    Thanks for your reply. I have applied STIGs for it which I think might be part of the issue. There's a section about shutting off SSH unless needed for maintenance so if I remember correctly in the past this lockout has happened before and I was able to reset through SSH. That line is severed now and for whatever reason none of the passwords I'm entering are meeting the complexity requirements when trying to log into the box. I'm hoping it's something silly, but I haven't found that 'ah ha!' moment yet.




  • 4.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 23 days ago

    Looks like we found the problem then (hopefully): 

    For 7.0.3 ESXi STIG: The ESXi host must be configured with a sufficiently complex password policy. 

    Password Complexity: Passwords must contain at least one of each of the following four character classes:

    • Lowercase letters
    • Uppercase letters
    • Numbers
    • Special characters (e.g., @, #, $, etc.)

    (Satisfies: SRG-OS-000069-VMM-000360, SRG-OS-000070-VMM-000370, SRG-OS-000071-VMM-000380, SRG-OS-000072-VMM-000390, SRG-OS-000078-VMM-000450, SRG-OS-000266-VMM-000940)

    Here is a DoD approved ****: Norton - Create strong passwords with Password **** 


    Extra Notes:

    • Password Length: The minimum length for passwords is 15 characters, as specified to enhance security against brute-force attacks. This policy ensures that all passwords are sufficiently long to provide adequate security.

    • Password Age: Passwords should have a maximum age set to ensure regular updates. For ESXi 7, it is recommended to set the Security.PasswordMaxDays value to 90 days. This ensures that passwords are changed frequently enough to minimize the risk of being compromised over time.

    • Password History: The system must prohibit the reuse of the last five passwords to prevent users from cycling through the same passwords repeatedly.

    P.S. - I can't remember 100% where I saw it, but somewhere there is actually a limit on the length. I don't know if it was for ESXi or something else I was STIG'ing, but it was capped at like 28 or 30 characters. I would use a password around 20-22 characters long.

     



    ------------------------------
    Please mark as Recommended if this solved your problem. This will help the community find solutions to their problems as well.

    MORE LOGS, MORE SCREENSHOTS, MORE DETAILS = Easier To Help You :D

    I have super ODC, so excuse my excessive formatting.
    ------------------------------------------------------------
    VCP-DCV 8.x | VCP-DCV 6.x | CompTIA A+, Net+, Sec+, Proj+, Server+ | MCSE | MCSA | MCITP
    ------------------------------



  • 5.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 21 days ago

    Unfortunately it's still failing due to complexity requirements. I've made up a few passwords that follow the above criteria but it's not working. Maybe the criteria differs.




  • 6.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 22 days ago

    Hello, As long as the ESXi host is connected to a vCente you can use a host profile to change the password.




  • 7.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 21 days ago

    MikeBauer is 100% correct. With host profiles, you have to be a little careful if you have not used them before. You can wipe some settings that you really don't want too. 

    Is your ESXi host connected to a vCenter that you have access too? Even if it is just to Powershell Connect-VIServer too? If so, I got a script :) 



    ------------------------------
    Please mark as Recommended if this solved your problem. This will help the community find solutions to their problems as well.

    MORE LOGS, MORE SCREENSHOTS, MORE DETAILS = Easier To Help You :D

    I have super ODC, so excuse my excessive formatting.
    ------------------------------------------------------------
    VCP-DCV 8.x | VCP-DCV 6.x | CompTIA A+, Net+, Sec+, Proj+, Server+ | MCSE | MCSA | MCITP
    ------------------------------



  • 8.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 21 days ago

    So when I login through the browser it's through the host client. It will say that the credentials have expired and won't give an option to create a new password. 

    As far as vCenter goes, I'm unaware if there ever was one setup before I got here. I'll try digging around to see how to access it if there is one.




  • 9.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 21 days ago
    Edited by bwuser2014 21 days ago

    If you do not have any solution, try to reinstall ESXi and choose "keep the data on datastore". You can still keep the virtual machines on this ESXi host.



    ------------------------------
    Regards,

    Victor Wu
    Chief Architect, Business Consultation Team
    ------------------------------



  • 10.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 21 days ago

    So I had the same issue a while back.  If you don't want to do a reinstall of ESXi on the box and re-attach your datastore, then I came across this link that showed the steps on how to reset the root password for the vCenter7 Appliance by rebooting it and halting the boot process to the GRUB menu.  

    I believe the process will work for EXSi host box also since they run photonOS

    The site has all the steps, also a video. 

    VMware vCenter 7 Appliance root password reset – Angry Admin (angrysysops.com)

    Hope it helps. 

    Ace. 




  • 11.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 21 days ago

    This is probably what I'll do. Thanks for all the help and suggestions everyone!




  • 12.  RE: VMware ESXi 7.0.3 will not let me change root password

    Posted 20 days ago

    Hi, 

    if you lost the password of your esxi, you can follow this : https://www.starwindsoftware.com/blog/forgot-esxi-root-password-no-problems-4-ways-reset

    Rgds