How to reset root password on vCenter Appliance (VCSA) 6.x?

By | September 22, 2015
0 Comment

Recently I received two emails from my readers. One of my reader wrote that my procedure to reset the root password on vCenter Appliance (VCSA) 5.5 is not valid for 6.x version and the second mentioned that he forgot the GRUB password and was not able to reset the root password.

Because recently I haven't had any problem with my memory 😉 and I haven't had to reset the root password on my VCSA 6.0 U1, I decided to investigate and confirm how to reset the root password on VCSA 6.x just for fun 😉 I checked and the mentioned procedure for VCSA 5.5 also works for VCSA 6.x... However you have to know the GRUB password. If you do not remember the GRUB password, also it is possible to change/reset root password. vCenter Appliance (VCSA) is based on SUSE Linux so it should work a procedure to reset root password as for standard linux - boot a VM using a livecd Linux distribution (e.g. Fedora, Debian or Knoppix) and use a tool mkpasswd to regenerate a password hash. In this post I will show step by step how to reset the root password on vCenter Appliance (VCSA) 5.5 or 6.x by regenerating hash.

At first you need a livecd Linux distribution, I used Knoppix but it can be Fedora. However Knoppix contains mkpasswd by default but if you use Fedora, you would have to install it via yum/dnf (so also internet access would be necessary..).

  1. Mount a livecd Linux to the VCSA VM.How to reset root password on vCenter Appliance (VCSA) 6.x -2
  2. Set up boot from CDROM in VM BIOS.How to reset root password on vCenter Appliance (VCSA) 6.x
  3. Boot VM using livecd.How to reset root password on vCenter Appliance (VCSA) 6.x -3

  4. Open a terminal and enter the following commands to create a mount folder and mount VCSA disk to the mount folder:

    sudo mkdir /mnt/vcsa
    sudo mount /dev/disk /mnt/vcsa

    How to reset root password on vCenter Appliance (VCSA) 6.x -5

  5. Create a backup of the shadow file and create a txt file with root hash. Then generate a new hash using a new password and salt (between $):

    sudo cp /mnt/folder/etc/shadow /mnt/folder/etc/shadow.copy
    sudo cat /mnt/folder/etc/shadow | grep root > hash.txt
    mkpasswd -m sha-512 new_password old_salt

    How to reset root password on vCenter Appliance (VCSA) 6.x -6

  6. Copy and paste a new hash to the shadow file (open the shadow file using vi). Save the file using :wq!How to reset root password on vCenter Appliance (VCSA) 6.x -7

  7. Reboot the VCSA VM:

    sudo reboot

As I showed in this post, if you forget the root password (and GRUB password as well), you can reset it almost as easy as patching VCSA 🙂