Reset administrator@vsphere.local and root password VCSA
If you find yourself in a situation where nobody knows what the administrator password is for the vCenter Server Appliance, this guide should help you get back in control.
The problem: no password vault manager
The solution: in 10 steps we can take back control.
First you need to figure out on which ESXi host the VCSA VM is running. You will need permissions (power on, power off, console and snapshot) on that ESXi host.
Step 1: Log in to that ESXi host and guest power off the VCSA VM
Step 2: Just for rollback's sake, create a snapshot
Step 3: Open the console and power on the VCSA VM. Hit “e” when you see the Photon OS boot screen
Step 4: Go to the end of the line starting with “linux "/"$photon_linux…” and append the following to that line:
rw init=/bin/bash
Make sure to leave a space between “consoleblank=0” and “rw”
Once done, hit F10
Step 5: The VCSA VM will boot and you will be prompted with a shell. Create a new root password:
passwd
Enter your new root password twice.
You will reset the administrator@vsphere.local password later on. When you have set a new password, enter:
reboot -f
The VCSA will now reboot.
Step 6: If needed, enable SSH. Somehow I needed to enter the root password twice; I’m pretty sure I entered the password correctly the first time.
Step 7: Open PuTTY (or any other SSH client) and SSH into the VCSA with the newly created root password. Now we can reset the administrator@vsphere.local password.
When logged in:
shell
/usr/lib/vmware-vmdir/bin/vdcadmintool
3
administrator@vsphere.local
A new password is generated for the administrator account. You can use this password to log in to the vCenter Server Appliance.
Step 8: Get access to the VCSA by copying and pasting the new administrator password from the previous screen
Step 9: Time to clean up and remove the snapshot:
Right-click VCSA VM -> Snapshots -> Manage Snapshot -> delete -> done
Step 10: Create a new administrator@vsphere.local password:
Menu -> Administration -> Users And Groups -> Set: Domain to vsphere.local -> “3 dots” left of Administrator -> Edit -> set new password -> Save
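A follow-up check for the root reset in Step 5, added here as an example and not part of the original guide: once you are back in the shell from Step 7, the root record in /etc/shadow should show a password age of 0 days, and the remaining lifetime tells you when that password expires next. The function names and the --live switch are made up for this example.

```shell
#!/bin/sh
# Added example: summarise password aging for one /etc/shadow record.
# Field layout (shadow(5)): name:hash:lastchg:min:max:warn:inactive:expire:

# Current date as days since the Unix epoch, the unit shadow(5) uses.
today_days() { echo $(( $(date +%s) / 86400 )); }

# shadow_status LINE TODAY -> "<user> <state> age=<days> left=<days|never>"
shadow_status() {
    line=$1 today=$2
    IFS=: read -r user hash lastchg min max warn rest <<EOF
$line
EOF
    # Empty lastchg means password aging is disabled for the account.
    if [ -z "$lastchg" ]; then
        echo "$user unknown age=unknown left=never"; return 0
    fi
    age=$(( today - lastchg ))
    # Empty, negative or 99999 max age means the password never expires.
    case ${max:-99999} in
        99999|-*) left=never ;;
        *)        left=$(( lastchg + max - today )) ;;
    esac
    # A hash field starting with ! or * cannot be used to log in.
    case $hash in
        '!'*|'*'*) state=locked ;;
        *)
            if [ "$lastchg" -eq 0 ]; then state=must-change
            elif [ "$left" = never ]; then state=ok
            elif [ "$left" -lt 0 ]; then state=expired
            elif [ "$left" -le "${warn:-0}" ]; then state=expiring
            else state=ok
            fi ;;
    esac
    echo "$user $state age=$age left=$left"
}

# Live use, as root on the appliance: sh <this file> --live
if [ "${1:-}" = "--live" ]; then
    shadow_status "$(grep '^root:' /etc/shadow)" "$(today_days)"
fi
```

Right after the reset the expected result is state "ok" with age=0; a small "left" value means the new root password needs rotating soon.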
Bonus tip: there are plenty of password vaulting apps, make sure to use one.
This is tested with VCSA 6.7 with an embedded PSC. This should work with previous VCSA versions and external PSC as well. But I haven’t tested other setups. If you have, please let me know the outcome below.
Thanks for reading!