Resetting a lost ESXi root password

While VMware support’s official stance is that there is no supported way to reset a lost ESXi password; there are actually a few ways to do it, and I will show you the easiest process with the least risk. Keep in mind, this is an unsupported method, so please do so at your own risk, although in this case, the risk is very minimal.

In order for you to use this method there are a couple prerequisites that must be met.

  • The host is connected to vCenter Server and Responding
  • You have Enterprise + licensing as we will leverage host profiles

When you first connect a host to vCenter Server, the a new user called “vpxuser” is created on the host. The vpxuser gets assigned a hashed password that is encrypted with the vCenter Server certificate and is assigned root privileges. Since this user has these permissions, it allows us to leverage those permissions and a host profile feature that lets us specify a root password to the host we apply the profile to.
 
Step 1. Create a host profile from any one of your hosts. We will only configure the password and uncheck all other settings. To do so, right-click on the host, select “Host Profile“, then “Create Profile from host…

create
 
Step 2. Specify a Name for the host profile then click Next, Finish.

hpname
 
Step 3. You then want to change the configuration of the host profile. Click on Home at the top, then select Host Profiles.

home
 
Step 4. Right Click on your host profile and select “Edit Profile...”

editpf
 
Step 5. Expand out “Security configuration” and select “Administrator password” then select “Configure a fixed administrator password

configpw

 

Step 6. Type your new password in both text boxes then click “OK
 
Step 7. Right Click on the host profile again, but this time select “Enable/Disable Profile Configuration…

enable

 
 
Step 8. Uncheck the top level box to deselect all configuration options, then re-check “Security configuration” then click “OK

uncheck
 
Step 9. Click “Home” then “Hosts and Clusters” to return to the previous screen.
 
Step 10. Put your host in maintenance mode by right clicking and select “Enter Maintenance Mode”

maint
 
Step 11. Right Click on the host again, and select “Host Profile” then “Manage Profile…

man
 
Step 12. Highlight your profile, then click “OK

highlight
 
Step 13. Finally, Right click on your host select “Host Profile” then select “Apply Profile

last

 

Step 14. Click “Finish”

fin

 

That’s all! It’s pretty simple to do as long as you meet the two prerequisites at the beginning. I hope this helps anyone who has lost their password and does not want to do a full reinstall.

 

Posted by:

Sean Whitney

2 Comments

  1. Jay Closky -  March 14, 2015 - 7:33 am 25

    If you have an Enterprise license you are probably in a corporate environment. As an alternative to using a host profile, you can enable Active Directory authentication and log into the host (with your AD account) and then change the root password.

    Reply
    • Sean Whitney -  March 14, 2015 - 9:11 am 26

      Hi Jay!! You found my blog I just started, haha! That’s an interesting method, I haven’t thought about that before. Thinking through it, all you would have to do is add yourself to the “ESX Admins” group and you definitely could change the root password. Very nice.

      Reply

Leave A Comment

Your email address will not be published. Required fields are marked (required):

Back to Top