Reset ESXi root password
From Notes_Wiki
Revision as of 03:30, 26 February 2024 by Saurabh (talk | contribs) (Created page with "Home > VMWare platform > VMWare vSphere or ESXi > Reset ESXi root password Official KB at https://kb.vmware.com/s/article/1317898 suggests only option to reset password in ESXi 3.5 and above is by reinstalling. However as per referece link we have a few other options such as: '''Note that the below options are not validated in production yet''' ; Host profiles : Via vCenter extract existing host's host-profile. Then edit the host profile an...")
Home > VMWare platform > VMWare vSphere or ESXi > Reset ESXi root password
Official KB at https://kb.vmware.com/s/article/1317898 suggests only option to reset password in ESXi 3.5 and above is by reinstalling. However as per referece link we have a few other options such as:
Note that the below options are not validated in production yet
- Host profiles
- Via vCenter extract existing host's host-profile. Then edit the host profile and set a new root password. Then put host in maintenance mode. Finally remediate host against modified profile with the new root password.
- Extracting host profile: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.install.doc/GUID-4D8EDD07-6C77-4845-8F0E-A0F4C9102840.html
- Editing host profile: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.hostprofiles.doc/GUID-61B92C8F-FB70-4DA9-A7E9-0F546FA8DFE5.html
- Remediating host against host profile : https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.hostprofiles.doc/GUID-701A6A5D-86AC-4DBE-A030-2B9D3B6F9C05.html
- AD "ESX Admins" group
- If we have integrated ESXi with AD then we can add a user to "ESX Admins" group and use that to reset password
- Integrating ESXi with AD for authentication :: https://kb.vmware.com/s/article/2075361
- Live booting
- Live boot ESXi using Linux and mount /dev/sda5 (bootbank). In bootbank there is stage.tgz file with one of the files in the .tgz and local.tgz. The local.tgz has etc folder along with shadow file as its contents. We can remove the encrypted password hash from the shadow file and recreate local.tgz and stage.tgz with modified shadow file. Then umount /dev/sda5 and reboot. Inplace of removing the encrypted password we can also replace the salted hash from /etc/shadow of some other ESXi where we know the password.
The reference linked below shows above steps in much more detailed and easy to understand manner.
Refer:
Home > VMWare platform > VMWare vSphere or ESXi > Reset ESXi root password
