Even though most of the enterprise using vCenter Server to manage ESXi hosts and its virtual infrastructure, We need to have to have console access or Shell access (via SSH) of ESXi host in some of the troubleshooting scenarios. There are many scenarios that I have come across like we forgot root password of the ESXi root password due to IT staff was replaced or even we forgot to keep track the replaced root password. In this article, I will explain how to reset ESXi Root Password using VMware Host Profile.
Even without knowing the ESXi root password, vCenter Server allows us to manage the ESXi hosts and all its components such as network, storage and virtual machines running on those ESXi hosts if it was added earlier with the root password. It will not create a problem until you remove the ESXi host from vCenter Server inventory and trying to re-add into vCenter inventory. It will ask for the root password to add the ESXi host to vCenter Server inventory. So We need the ESXi root password but we don’t remember the root password. So only option to reset the ESXi root password. If you looking for the procedure to reset the root password of vCenter Server Appliance, take a look at my article The Ultimate Revelation Of Reset VCSA 6.5 Root Password in 60 seconds
As per VMWare, Reinstalling the ESXi host is the only supported way to reset a password on ESXi. Any other method may lead to a host failure or an unsupported configuration due to the complex nature of the ESXi architecture. ESXi does not have a service console and as such traditional Linux methods of resetting a password, such as single-user mode.
I assume the above statement applicable when the ESXi host which is no more in the network and not managed by vCenter Server. Reinstalling ESXi host will lose local datastore, every configuration settings of ESXi hosts such as networking, storage and so on. There are few other ways where you can reset ESXi host without losing the host configuration. One among them is reset ESXi root password using VMware Host Profile.
There are two Pre-requisites to reset ESXi root password using VMware Host Profile
1. The ESXi host is reachable via the network and managed through the vCenter Server
2. ESXi host configured with vSphere Enterprise Plus license
Let’s take a look at the detailed procedure to reset ESXi root password using VMware Host Profile.
Reset ESXi Root Password using VMware Host Profile
Host profile is nothing but a blueprint of configuration settings that you can apply to an ESXi host to change its configuration. You can configure one ESXi host with all the settings as per your enterprise standard and extract the profile from a host. This extracted profile will act as a blueprint and can apply to another ESXi hosts to maintain a consistent configuration across ESXi hosts in your infrastructure and also saves a lot of time in the confguring ESXi host after the build.
To Create Host profile, Login to vCenter Server using vSphere Web Client. Click on Host Profile icon on the home page of the vSphere Web Client. Click “Extracted Profile from a host” to extract a profile from ESXi host with the known root password.
Select the ESXi host from which you want to extract all the settings from. Click Next.
Specify the name and description for the host profile. Provide the description for the host profile which helps you to identify the purpose of this profile.
Once the host profile is created. Select the Host profile and Right-click the Host profile -> Click Edit Settings
For quicker navigation to the Root Password settings in Host Profile, Search for Root in the search box. Select the “Fixed Password Configuration” under Password and specify the standard root password which you want to apply to the ESXi host with forgot root password.
Deselect all other configuration such as Networking Configuration, General System settings, advanced configuration, Storage configuration, etc. of the host profile except Security > User Configuration > root. Click Finish.
Under Actions menu ->Attach/Detach Hosts to attach the ESXi host to apply this host profile to reset the root password or you can click on the below-highlighted symbol to attach or detach host to this host profile.
Select the ESXi host(s) and click on Attach to attach to this Host profile to reset the ESXi root password. Click Finish.
Once ESXi host attached to the Host profile, we need to check the host profile compliance. Select the created Host profile -> Monitor -> Compliance tab. Click on the below highlighted symbol (Red X and Green tick mark) to check the host profile compliance or Click Check Host profile Compliance under Actions menu.
Compliance tab will display the host compliance with the attached host profile. I can notice one of the ESXi host which is not compliant with the attached Host profile. Not Complaint host is the ESXi host which I forgot the root password and I want to reset the ESXi root password using VMWare Host Profile.
If you click on the Not Complaint ESXi host, it will display the settings name which is non-complaint to the attached Host profile. It displays the description as ” Password in profile does not match that on the host for root”.
So We need to remediate the ESXi host which is showing as “Not Complaint” to reset the ESXi root password to the same password which we have specified it in the attached Host Profile. Click on Below highlighted “Tools” Symbol or Select Remediate under Actions Menu.
Click on Finish to start the remediation of the ESXi host based on the attached Host Profile.
Once the ESXi host remediation is completed, You can see the ESXi host is now “Complaint” with the attached Host profile.
That’s it. We have reset the ESXi root of the ESXi host(s) using VMWare Host profile without reinstalling ESXi host and losing ESXi host Configurations. I hope this article is informative for you. Thanks for Reading!!!. Be social and share it with social media, if you feel worth sharing it.