Ever found yourself breaking your head on a root password for your ESX(i) host, while it’s still manageable through vCenter? Well, I did!
After searching the internet, I found that there are numerous methods of resetting the root password. Even by using a LiveCD! While most are just working fine, the mostly require you to turn off your host. Something I didn’t want to do. Also, vCenter was still able to manage the host in question, so why can’t we just use vCenter?
vCenter has the ability of configuring VMWare hosts with host profiles, and in these profiles we can configure the ‘administrator’, aka root, account. So why not use it? This post will show you how to use it.
Are you unable to use vCenter or host profiles? Maybe these links are useful for you:
Let’s start with opening the host profiles option in your vSphere client.
Then we choose to create a new profile, name is something like ‘resetPassword’ and select any baseline host.
Now we wait until the creation is completed.
On the left pane select your new host profile and right-click and select edit profile. Then go to security configuration -> administrator password.
Now on the right pane, select ‘configure a fixed administrator password’ from the drop down box and fill-in the new password.
Click OK and right-click your host profile again. Select ‘enable/disable profile configuration’. By default all options are selected. Make sure that everything except “Security configuration” is deselected. This makes sure that only the security configuration is checked and updated, and ignores all other configuration options in the profile. So there’s less to go wrong. ;o)
Now click OK and we’ll start attaching the host of which we want to reset the password. Click ‘Attach Host/Cluster’ and select the right host, click Attach and then OK.
Select the host and first click ‘check compliance’ so we can double check that there are no other issues and we did not forget to disable a portion of the profile. The compliance should be OK.
When there is something wrong, like you forgot to disable portions of the profile, you see something like this, together with the part which is causing the error.
Fix the issue and repeat the compliance check until it’s OK.
Now we’re going to apply the host profile, and make sure again that only the administrator password will be changed.
NOTE: The host needs to be in maintenance mode before you can apply a host profile. If the host isn’t yet in maintenance mode, you’ll receive this error:
Click finish and wait for the job to complete.
Voila, the root account of the host has been reconfigured and you should be able to log in again. Now the only thing left is to detach the host from the profile: