Process to Reset the Root Password in VCSA:
Note: 6.7U1 and later has a simpler method to reset the password, see
How to reset the lost or forgotten root password in vCenter Server Appliance 6.7 U1 and later
To reset the root password for the vCenter Server Appliance:
- Take a snapshot or backup of the vCenter Server Appliance before proceeding.
Caution: Do not skip this step
Note: If the vCenter Appliance is on the same ESXi hosts it manages. Connect directly to the ESXi host that it is located on to perform these steps.
- Reboot the vCenter Server Appliance.
- After the VCSA Photon OS starts, press the e key to enter the GNU GRUB Edit Menu.
- Locate the line that begins with the word Linux.
- Append these entries to the end of the line:
rw init=/bin/bash
The line should look like the following screenshot:
- Press F10 to continue booting.
- Run the command
mount -o remount,rw /
- Unlock the 'root' account using below command if it is already locked due to multiple logins with incorrect password
pam_tally2 --user=root --reset
For 8.0 U2 onwards:
/usr/sbin/faillock --user root --reset
Note: pam_tally2 is deprecated in Photon 4, use faillock instead.
- In the Command prompt, enter the command passwd and provide a new root password (twice for confirmation):
passwd
- Unmount the filesystem by running this command (yes, the unmount command is umount - it's not a spelling error):
umount /
- Reboot the vCenter Server Appliance by running this command:
reboot -f
- Confirm that you can access the vCenter Server Appliance using the new root password.
- Remove the snapshot taken in Step 1 if applicable.
- You could set the Root password to never expire in order to prevent this issue by running command: # chage -I -1 -m 0 -M 99999 -E -1 root or at the VAMI ( https://<vcenter_fqdn>:5480)
Note: If you continue to have issues, see Unable to log in to the vCenter Server Appliance shell using root account even after password reset