Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Virtualization / VMware / Reset Root Password in VMware ESXi

October 6, 2023

Reset Root Password in VMware ESXi

According to the official VMware documentation, reinstalling ESXi from scratch is the only supported way to reset the root password (https://kb.vmware.com/s/article/1317898). You can also reset your password using Host Profiles (vCenter and Enterprise Plus license required). However, your ESXi host configuration will be completely lost after a reinstall. Virtual machine data and configuration files remain on the VMFS/NFS datastore and can be quickly imported to the host after reinstallation.

Actually, you can reset the root password on VMware ESXi without reinstalling if you boot your host using any Linux boot/rescue disk. It’s not difficult.

Contents:
  • How to Reset ESXi Password Using Linux Live CD
  • Reset ESXi Root Password Using VMware Host Profiles

If you have forgotten your root password, you will not be able to authenticate as root using the DCUI or the VMware Host Client web interface:

Authentication failed
Invalid login or password.

ESXI DCUI: unable to login as root

How to Reset ESXi Password Using Linux Live CD

ESXi stores user passwords (or rather their hashes) in the /etc/shadow file, which is stored in the local.tgz archive, which is archived in state.tgz. In theory, you could retrieve and decrypt the root password hash from this file, but this is only feasible for simple passwords. So it is better to set a blank current root password in the shadow file or replace it with the hash of a password you know.

Boot your ESXi host from any Linux LiveCD and open the console.

List disk partitions:

# fdisk –l

We need /dev/sda5 (in VMware terms, it is called bootbank) and /dev/sda6 (contains altrbootbank) partitions with the size of 1 GB in ESXi 7.x (in previous ESXi versions, the size of these partitions was 250 MB).

ESXi system partitions: sda5 and sda6

First, reset a password in the ESXi configuration in /dev/sda5. Create mount points and a directory for temporary files:

# mkdir /mnt/sda5
# mkdir /mnt/sda6
# mkdir /temp

Mount /dev/sda5:

# mount /dev/sda5 /mnt/sda5

Copy state.tgz file from sda5:

# cp /mnt/sda5/state.tgz /temp
# cd /temp

Unpack state.tgz:

# tar xzf state.tgz

There is another local.tgz archive inside, unpack it as well:

# tar xzf local.tgz

The etc folder appears in the current directory.

Edit the shadow file using any text editor:

# nano /temp/etc/shadow

This file contains the password hashes of the local ESXi users.

esxi root password hash in /etc/shadow

To remove the current password and set a blank password for root, clear the hash value. It should look like this:

Reset the ESXi root password to a blank one

Save your changes to the file, delete the old tgz archives, and repack them all:

# rm *.tgz
# tar czf local.tgz etc
# tar czf state.tgz local.tgz

Replace the state.tgz file on the sda5 ESXi partition:

# mv state.tgz /mnt/sda5

Unmount the partition:

# umount /mnt/sda5

In the same way, set a blank password in the passwd file on the sda6 partition (you should now be able to connect to ESXi with an empty root password).

Now you can restart your ESXi host and remove the bootable flash drive/image. You can connect to ESXi with an empty root password.

This password reset method works for all versions of ESXi (5.x, 6.x, 7.x, and 8.x) including the free VMware Hypervisor.

Be sure to set a new root password after signing in.

Reset ESXi Root Password Using VMware Host Profiles

If you have deployed vCenter and have installed vSphere Enterprise Plus licenses on hosts, you can reset the root password on any managed host using VMware Host Profiles. In this scenario, to apply VMware profile settings (and new root password) to an ESXi host, the vpxa privileged account is used, which is added when connecting a host to vCenter. This method allows you to reset the root password without rebooting the ESXi host.

  1. Connect to your vCenter and go to Policies and Profiles -> Host Profiles -> Extract Host Profile; VMware vCenter: Extract Host Profile
  2. Select your ESXi host and specify the name of the profile you want to save the settings to;
  3. Click on the profile and select Edit Host Profile;
  4. Go to Security and Services -> Security Settings -> Security -> User Configuration -> root;
  5. Set a new root password in the Fixed password configuration; Reset ESXi root password using vCenter Host Profile
  6. Then apply the profile to your ESXi host. It is recommended that you enable the maintenance mode for it (Maintenance Mode -> Enter Maintenance) and move all virtual machines to other hosts;
  7. Attach the profile to the host (Host profiles -> Attach Host Profile); Attach host profile in vCenter
  8. Then go to Host Profiles, select your profile, and click Remediate;
  9. To apply profile settings (including the new password), click Remediate again; Remediate a host profile in VMware vCenter
  10. The root password on your ESXi host is reset and you can take the host out of maintenance mode.
2 comments
8
Facebook Twitter Google + Pinterest
VirtualizationVMware
previous post
How to Query and Change Teams User Presence Status with PowerShell
next post
PowerShell: Configure Certificate-Based Authentication for Exchange Online (Azure)

Related Reading

How to Fix ‘An Operating System Wasn’t Found’...

August 24, 2023

How to Install Free VMware Hypervisor (ESXi)

March 17, 2024

Adding ESXi Host to VMware vCenter Server (vCSA)

March 12, 2024

Unmounting an NFS Datastore from VMware ESXi

March 12, 2024

How to Migrate (Import) VMs from VMware ESXi...

July 24, 2024

How to Increase Virtual Machine Disk Size in...

March 17, 2024

Managing VMware Infrastructure with Ansible

December 11, 2023

How to Create a Virtual Machine on VMWare...

March 12, 2024

2 comments

Anders November 18, 2023 - 10:27 am

Manipulating the shadow file isn’t supposed to be possible since 7.0 U2 since the .tgz file is encrypted. The article says this method works on all versions. Have you tested it on 7.0 U2 and newer?

Reply
Ted Mittelstaedt May 2, 2025 - 10:01 pm

It does not work with ESXi 7 or later. A Linux boot stick won’t help

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Configuring Windows Protected Print Mode (WPP)

    May 19, 2025
  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Adding Drivers into VMWare ESXi Installation Image
  • How to Fix ‘An Operating System Wasn’t Found’ Error on Windows
  • How to Access VMFS Datastore from Linux, Windows, or ESXi
  • Hyper-V Virtual Machine Stuck in Stopping/Starting State
  • Recovering a Deleted VMFS Datastore on VMware ESXi/vSphere
  • How to Install and Configure Free Hyper-V Server 2019/2016
  • Updating VMware ESXi Host from the Command Line (ESXCLI)
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top