Maintaining access to your vCenter Server Appliance (VCSA) is essential for managing your virtual infrastructure. However, it's not uncommon for administrators to lose or forget the root password. Fortunately, VMware provides a method to reset the root password through single-user mode in the Photon OS used by VCSA.
Step-by-Step Root Password Reset Procedure
Before performing any changes, it is highly recommended to take a full snapshot of the VCSA. This ensures you can roll back in case anything goes wrong during the reset process.
Step 1: Reboot the vCenter Server Appliance
Restart the VCSA from your hypervisor console or remotely if you still have access.
Step 2: Access GRUB Boot Menu
As soon as the Photon OS splash screen appears, press the "e" key to enter the GNU GRUB Edit Menu.
Step 3: Modify the Boot Parameters
Locate the line starting with linux or linuxefi, and append the following at the end of that line:
rw init=/bin/bash
Step 4: Boot into Single-User Mode
Press F10 to continue booting with the modified parameters. This will load the shell as the root user without prompting for a password.
Step 5: Remount the Root Filesystem
Once the shell loads, run the following command to remount the root filesystem with write permissions:
mount -o remount,rw /
Step 6: Clear Lockouts (if needed)
If the root account is locked due to failed login attempts, you’ll need to reset the lockout:
- For vCenter versions prior to 8.0 U2:
pam_tally2 --user=root --reset
- For vCenter 8.0 U2 and later (Photon OS 4):
/usr/sbin/faillock --user root --reset
Note: pam_tally2 is deprecated in Photon OS 4. Always use faillock for newer versions.
Step 7: Reset the Root Password
Now, set a new password for the root account:
passwd
Enter and confirm the new password when prompted.
Step 8: (Optional) Prevent Future Expiration
To ensure the root password does not expire, you can configure the account with:
chage -I -1 -m 0 -M 99999 -E -1 root
Step 9: Verify Password Policy and Expiry Settings
Check the root account’s password aging settings:
chage -l root
Step 10: Unmount the Filesystem
Before rebooting, safely unmount the filesystem:
umount /
Step 11: Reboot the Appliance
Restart the VCSA to load the system normally:
reboot -f
Step 12: Verify Login then Cleanup
Once the system is up, log in using the newly set root password to ensure everything is working correctly. If successful, go ahead and delete the snapshot created earlier.
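The verification in Step 9 can be scripted rather than read by eye. The following is an added example, not part of the original post: a shell function that parses chage -l root output and flags every field that differs from what the Step 8 command sets. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify Step 9 output against the values set in Step 8.
# check_root_aging reads `chage -l root` output on stdin, prints one line per
# field that differs, and returns 0 only when every field matches.
check_root_aging() {
    awk -F':' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN {
            # Expected after: chage -I -1 -m 0 -M 99999 -E -1 root
            want["Password expires"] = "never"    # reported for -M 99999
            want["Password inactive"] = "never"   # -I -1
            want["Account expires"] = "never"     # -E -1
            want["Minimum number of days between password change"] = "0"
            want["Maximum number of days between password change"] = "99999"
        }
        {
            key = trim($1); val = trim($2)
            if (!(key in want)) next
            seen[key] = 1
            if (val != want[key]) {
                printf "MISMATCH %s: got %s, want %s\n", key, val, want[key]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) { print "MISSING " k; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample output; $1 = "Password expires" value, $2 = maximum days.
sample_chage_l() {
    cat <<EOF
Last password change                                : Jan 10, 2025
Password expires                                    : $1
Password inactive                                   : never
Account expires                                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : $2
Number of days of warning before password expires   : 7
EOF
}

# On the appliance: chage -l root | check_root_aging
sample_chage_l never 99999 | check_root_aging && echo "root aging matches Step 8"
sample_chage_l "Apr 10, 2025" 90 | check_root_aging || echo "root aging differs from Step 8"
```

A non-zero exit status means at least one aging field was not changed by Step 8, so the root password can still expire or the account can still lock.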
Conclusion
Resetting the root password for the vCenter Server Appliance might seem intimidating, but with careful execution and proper backups, it’s a straightforward process. Always keep track of root credentials and consider setting a reminder for password expiration policies to prevent being locked out in the future.
Helpful, thank you!