How to reset ESXi 5.x root password using Host Profiles

Posted on Updated on


According to VMware, the only supported way to reset a lost password is to do a fresh install. However, there are ways around it if your host is already connected to vCenter.

If you do NOT know the host password but it’s currently connected to vCenter, you can use Host Profiles to reset the password. This is only possible because the vpxa user on each ESXi host, added when the ESXi host is connected to vCenter Server, has root privileges.

Host Profiles are a feature of Enterprise Plus licensing only.

The is a VMware KB which mentions root password recovery is this one and it clearly states that it’s not supported to reset passwords on ESXi 5.x and ESXi in general as there is no longer the Linux console where you would use the single-user mode for the job:

Reinstalling the ESXi host is the only supported way to reset a password on ESXi. Any other method may lead to a host failure or an unsupported configuration due to the complex nature of the ESXi architecture. ESXi does not have a service console and as such traditional Linux methods of resetting a password, such as single-user mode.

But using host profiles to change the root password on ESXi host is supported and if you got the appropriate licensing then you should be able to change the root password.

Steps:

1. Right click the host, choose All vCenter Actions, Host Profiles, and select Extract Host Profile. Run through the wizard to create the new profile.

2. At the top of the vSphere client, click Home and Host Profiles under the Management section. Right click the newly created profile and choose Edit.

3. Click Next to the Edit Host Profile step and expand Security and Services, then expand Security Settings. Click on Security Configuration. Modify the dropdown list and select the “Configure a fixed administrator password” option. Enter the new password.

4. Complete the wizard which will save all your changes.

5. Back in the Hosts and Clusters view, right click your host and go to All vCenter Actions, Host Profiles, and Attach Host Profile. Select your profile you created and customized and finish the wizard.

6. Put your host in maintenance mode.

7. Right click the host again, All vCenter Actions, Host Profiles, and Remediate. If your host is not in maintenance mode, you’ll get the message “Remediate operation is allowed only for hosts in maintenance mode”

8. Once the Host Profile is applied, the host will reboot and your password will now be updated.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s