Vmware vsphere default password. Changing the root password through the GUI

If you have forgotten or lost the root password for an ESXi host, you may lose control over it and will not be able to access its console through operating system problems or need to run diagnostics on the host. In this article, I will show you 4 different ways to reset forgotten root password on VMware ESXi 6.7 host. The password reset method is applicable to ESXi versions 6.x and 5.x () as well.

From VMWare's point of view, the only correct way to reset the root password on an ESXi host is to reinstall the OS (but this leads to loss of configuration and data on local disks). All other methods can lead to host failure, or transferring the system to an unsupported configuration, because ESXi lacks a service console and you cannot reset the password via single user mode like in Linux.

Let's say you forgot the root password for one of your ESXi hosts. In this case, 2 scenarios are possible:

1. your host is added to vCenter and you can still manage it
2. you forgot the password for the standalone ESXi host (or for the free edition of VMware)

Reset ESXi password using VMware Host Profile

Most ESXi hosts in large companies are managed through vCenter Server. Even if you have forgotten the root password, vCenter can manage the host settings without any problems. you have already bound the host to the vCenter and you simply do not need the root password. If you take the host out of vCenter (it's better not to do this) and try to add it again, you will need to specify the root password. Therefore, while your host is managed by vCenter, you can reset the root password using the VMware Host Profile (Host Profile).

Host profile is a collection of ESXi parameters you define that can be applied to any host to quickly configure it. Typically, a host profile is created after configuring a generic ESXi host and exporting its configuration to the Host profile. The administrator can apply this profile to any other host.

1. 1. Launch vSphere Web Client and log in to vCenter.
   2. On the home page, select Host Profile
   3. Click the button Extract Profile from a host toextract the ESXi host profile with the root password you know.
   4. Select an ESXi host and click Next.
      
   5. Specify the name of the profile (it is desirable to include its description).
      
   6. After the new profile is created, edit it.
      
      
   7. Using the built-in search, find the parameter named root (located in the Security and Services -\u003e Security Settings -\u003e Security -\u003e User Configuration -\u003e Root section). Select an option "Fixed Password Configuration" and provide a new root password.
      
      
   8. All other settings in the profile must be disabled. Click Finish.
      
      
   9. Now you need to bind this profile to your ESXi host, on which you need to reset the password. From the Actions menu, choose Attach / Detach Hosts.
      
   10. Select your ESXi host (where you want to reset the password) and click the button Attach.
       
       
   11. Go to the tab Host profile -\u003e Monitor -\u003e Complianceand press the button Remediate.
       
       
   12. After the verification is complete, the new settings will be applied to the host and it will have the Complaint status (i.e. the host configuration matches the assigned profile). In previous versions of ESXi, in order to apply a profile to a host, it must be put into Maintenance Mode, and a host reboot is also required.
       
   13. That's all, the root password on the host has been changed. Don't forget to unlink the profile from the host.

Resetting the root password using Active Directory and vCenter

You can also reset the root password on an ESXi host by using vCenter to add your host to an Active Directory domain. After you enable ESXi to a domain, you can log into it with a domain account and reset the local root user password.

Run the snap Active Directory Users and Computers and create a new one named ESX Admins (this is the name of the group). an account of a user whose password you know.

Now you need to add the host to the domain. In the vCenter console, select a host, go to Configure -\u003e Authentication Services -\u003e Join Domain. Specify the domain name and an account with the rights to add computers to the domain.

Now open the web interface of your ESXi host and log in to it under the account that you added to (the account name must be set in the format [email protected] or Domain \\ User).

Then you can exclude ESXi from the domain (Leave Domain).

Restart the host to apply the changes.

Resetting the root password on a separate ESXi host

In this section, we will show you how to reset the root password on a stand-alone ESXi server that is not added to vCenter. This method of password reset will require rebooting the host and shutting down all virtual machines running on it. To reset to, you need a bootable disk, for example, an iso image of Ubuntu GNOME. This image needs to be written to a USB flash drive, which can be done.

Then you need to boot ESXi from this flash drive, connect local storage from the ESXi host, unpack the archive and change the password file. Then you need to replace the file, reboot the host and try to log in to ESXi as root with an empty password.

Reset ESXi password in shadow file

For security reasons, the ESXi host stores the password encrypted in shadow. We need to change the root password in this file. Among all the partitions on the ESXi host, we only need / dev / sda5 (/ bootbank). It is in this disk partition that the OS image and configuration are stored.

After you have booted from the bootable USB drive, run the command:

Let's list the disks:

# fdisk –l | grep / dev / sda *

We need a 250 MB partition / dev / sda5. Create a mount point:

# mkdir / mnt / sda5

Create a temporary directory:

Mount the / dev / sda5 partition:

# mount / dev / sda5 / mnt / sda5

We need an archive file named state.tgz(inside it is the local.tgz file we need):

# ls -l /mnt/sda5/state.tgz

Unzip the files state.tgz and local.tgz:

Archive files can now be deleted:
# rm /temp/.tgz

The file shadow should appear in the temporary directory. Open the file with any text editor:
# vi / temp / etc / shadow

This is what the contents of the shadow files look like. As you can see, it contains all local accounts and their passwords (encrypted):

To reset the root password to empty, just delete everything between the first two colons and save the file.

Change to directory: # cd / temp

Now we need to pack the shadow file in reverse order:

# tar -czf local.tgz etc

Now move the new archive to the original ESXi image directory:

# mv state.tgz / mnt / sda5 /

Unmount the partition:

# umount / mnt / sda5

Now you can reboot the host:

When ESXi boots, it will unpack the local.tgz archive and copy the configuration files (including shadow) to the / etc / directory. Try to log in to the server through DCUI without a password. The system will indicate that the root password has not been set and must be changed for security purposes.

Select menu item Configure Password and enter a new password.

Replacing the password in the shadow file

As one of the options discussed above for resetting the password on an ESXi host, you can replace the shadow file with a file from another ESXi host (with a known password) rather than resetting it. You can shadow from another ESXi host to your bootable USB stick.

Boot your ESXi host from your bootable USB drive (Ubuntu GNOME in my example). And run the following commands:

Let's list the disks:

# fdisk –l | grep sd

Let's create two temporary folders.

# mkdir / mnt / sda5
# mkdir / mnt / sdb1

Mount the ESXi image partition and your USB disk containing the shadow file copied from another host:

# mount / dev / sda5 / mnt / sda5
# mount / dev / sdb1 / mnt / sdb1

Create temporary directories:

# mkdir / temp
# mkdir / mnt / sdb1 / save

Find the required file in the archive:

# ls -l /mnt/sda5/state.tgz

Copy the archive:

# cp /mnt/sda5/state.tgz / mnt / sdb1 / save

Unpack the archives:

# tar -xf /mnt/sda5/state.tgz –C / temp /
# tar -xf /temp/local.tgz –C / temp /

Make sure you unpack the / etc directory.

Delete the local.tgz archive.

# rm /temp/local.tgz

Replace the original shadow file with the one you copied from the other host:

# cp / mnt / sdb1 / shadow / temp / etc

You can see the contents of the file shadow.

# vi / temp / etc / shadow

Delete unnecessary accounts that you do not need (except for standard accounts). In my example, I will delete the Test user. Save the shadow.

Let's pack the contents of the / etc directory.

# tar -czf local.tgz etc

# tar -czf state.tgz local.tgz

Copy the state.tgz archive to the ESXi image section:

# mv state.tgz / mnt / sda5 /

Unmount the sda5 partition:

# umount / mnt / sda5

Reboot the host:

List of VMware Default Usernames and Passwords

Here is a comprehensive list of default username and passwords for most of the VMware products. If you "re like me, you tend to get alot of these confused. If I left any off, please let me know in the comments.

password: 123456

default ADM management console password is 123456 and the CLI password is ChangeMe

password: vmware

password: Supplied during OVA deployment

vCenter Log Insight

https: // log_insight-host /

password: password specified during initial configuration

password: vmware

password: vmware

For vSphere 5.1 \u003d Windows default username: [email protected]

For vSphere 5.1 \u003d Linux (Virtual Appliance) default username: [email protected]

password: specified during installation

Adding AD authentication to VMware SSO 5.1

For vSphere 5.5 \u003d default username: [email protected]

Appliance Configuration:

change the root password of the appliance Linux user. Otherwise, the first time when you try to log in to the appliance Web console, you will be prompted to change the password.

Orchestrator Configuration:

username: vmware

Orchestrator Client:

username: vcoadmin

password: vcoadmin

Web Operator

username: vcoadmin

password: vcoadmin

vCenter Orchestrator for Windows:

username: vmware

vCenter Orchestrator for vCloud Automation Center (built-in):

username: vmware

vCloud Automation Center Identity Appliance

vCloud Automation Center vCAC Appliance

password: password supplied during appliance deployment

username: [email protected]

password: SSO password configured during deployment

vCloud Automation Center built-in vCenter Orchestrator :

username: vmware

password: vmware (after initial logon, this password is changed)

username: [email protected] (or the SSO admin username)

password: specified password for the SSO admin during vCAC-Identity deployment

password: vmware

password: vmware

username: administrator

password: specified during wizard setup

vCloud Director Appliance

password: Default0

OracleXEDatabase

username: vcloud

password: VCloud

vCloud Networking and Security

password: default

password: default

VMware Site Recovery Manager :

username: vCenter admin username

password: vCenter admin password

vShield Manager

password: default

password: default

root: specified during deployment

password: specified during deplyent

darwin_user password: specified during deployment

admin: specified during deployment

password: specified during OVA deployment

username: created during wizard

password: created during qizard

vFabric Hyperic vApp

password: hqadmin

username: windows credentials

password: windows credentials

vSphere Data Protection Appliance

https: //: 8543 / vdp-configure /

password: changeme

password: You configured the root password during the OVF deployment of the vSphere Replication appliance

Zimbra Appliance Administration Console

username: vmware

password: configured during wizard setup

VMware offers many appliances for their products. Unfortunately they are not all created equally. The installation and configuration procedures differ for most appliances and also the default usernames and passwords are different throughout the range of appliances. So here is a list of default usernames and passwords. For as far as I know them, if you miss one please let me know and I will add it to this list.

Appliance name (all versions unless specified differently) user password
vCenter Server Appliance root vmware
vSphere Data Protection root changeme
vSphere Management Assistant vi-admin vmware
vCenter Operations Manager Appliance administrative user for UI-login admin admin
vCenter Operations Manager Appliance root user root vmware
vShield Manager admin default
vSphere Replication root<*>
vCloud Director 5.5 root / guest<*>
vCloud Connector (server and node) admin vmware
Horizon Workspace root / admin<*>
vCenter Orchestrator Appliance Configuration vmware<*>

<*> for some appliances you configure the password during the OVA or OVF deployment.

As usual with passwords, you can lose, forget the password, fire the only employee who knew him, and much more. What if it was the root password on VMware ESX Server? How can I reset it? Read on to find out what you can do.

1. Reboot VMware ESX Server

If you do not know the root password for your VMware ESX Server, and you do not have passwords for root equivalent accounts, then the first thing you need to do is restart VMware ESX Server.

2. Press "a" to modify kernel boot

Once the GRUB menu appears, press a to modify the boot:

3. We enter single user mode

At the end of the kernel arguments line, type "single" and press Enter:

4. Change the password

We can now change the root password using the passwd command:

You need to enter your new password twice.

5. Reboot ESX Server

After changing the password, restart the server to return to multi-user mode.