
Resetting Password on ESXi Host


If you need to reset the password of an ESXi host, you can use the following steps for different situations. According to VMware, the only supported way to reset a lost password is to do a fresh install. However, there are ways around it if your host is already connected to vCenter.

If you know the current password, you can reset it using the following method.

  1. Connect directly to the host via vSphere client (C# [fat] client – can’t use web client here).
  2. Select the host on the left and click the Local Users & Groups tab.
  3. Right click root (or other user) and select Edit. Change the password using the provided area.

Right Click User & Edit to Reset Password


Update Password or Properties of Local User Account
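
The known-password steps above can also be scripted with VMware PowerCLI. This is an added example, not part of the original post; the function name `Reset-EsxiLocalPassword` and the host name in the usage comment are hypothetical, and it assumes the PowerCLI module is installed and the host is reachable directly.

```powershell
#Requires -Modules VMware.VimAutomation.Core

# Hypothetical helper name; the cmdlets it calls are standard PowerCLI.
function Reset-EsxiLocalPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]       $HostName,    # the ESXi host itself, not vCenter
        [Parameter(Mandatory)] [pscredential] $Current,     # local account and its current password
        [Parameter(Mandatory)] [securestring] $NewPassword
    )

    $changed = $false
    # Local accounts are only manageable on a direct host connection (step 1).
    $conn = Connect-VIServer -Server $HostName -Credential $Current -ErrorAction Stop
    try {
        $account = Get-VMHostAccount -Server $conn -User -Id $Current.UserName -ErrorAction Stop
        if ($PSCmdlet.ShouldProcess($HostName, "Change password for '$($account.Id)'")) {
            # Set-VMHostAccount takes a plain string, so unwrap the SecureString
            # only for the duration of the call.
            $plain = [System.Net.NetworkCredential]::new('', $NewPassword).Password
            Set-VMHostAccount -UserAccount $account -Password $plain -ErrorAction Stop | Out-Null
            $changed = $true
        }
    }
    finally {
        $plain = $null
        Disconnect-VIServer -Server $conn -Confirm:$false
    }

    if ($changed) {
        # Prove the new password works before anyone discards the old one.
        $newCred = [pscredential]::new($Current.UserName, $NewPassword)
        $check = Connect-VIServer -Server $HostName -Credential $newCred -ErrorAction Stop
        Disconnect-VIServer -Server $check -Confirm:$false
    }
    return $changed
}

# Constructed usage: 'esxi01.example.test' is a placeholder host name.
# Reset-EsxiLocalPassword -HostName 'esxi01.example.test' `
#     -Current (Get-Credential -UserName root -Message 'Current password') `
#     -NewPassword (Read-Host -AsSecureString 'New password')
```

Prompting with `Get-Credential` and `Read-Host -AsSecureString` keeps both passwords out of the script file and shell history; run with `-WhatIf` first to confirm the account is found without changing it.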

 

If you do NOT know the host password but it’s currently connected to vCenter, you can use Host Profiles to reset the password. Follow these steps to reset it via Host Profiles.

*Note: Don’t forget that Host Profiles are a feature of Enterprise Plus licensing only.

1. Right click the host, choose All vCenter Actions, Host Profiles, and select Extract Host Profile. Run through the wizard to create the new profile.

2. At the top of the vSphere client, click Home and Host Profiles under the Management section. Right click the newly created profile and choose Edit.

3. Click Next to the Edit Host Profile step and expand Security and Services, then expand Security Settings. Click on Security Configuration. Modify the dropdown list and select the “Configure a fixed administrator password” option. Enter the new password.


4. Complete the wizard which will save all your changes.

5. Back in the Hosts and Clusters view, right click your host and go to All vCenter Actions, Host Profiles, and Attach Host Profile. Select the profile you created and customized, then finish the wizard.

6. Put your host in maintenance mode.

7. Right click the host again and choose All vCenter Actions, Host Profiles, and Remediate. If your host is not in maintenance mode, you’ll get the message “Remediate operation is allowed only for hosts in maintenance mode”.


8. Once the Host Profile is applied, the host will reboot and your password will now be updated.

 

 

About The Author

Bryan Krausen

Bryan Krausen is currently working as a Technical Architect with experience in a vast number of platforms.

Bryan has been active within the VMware vExpert community for several years and is the leader of the Louisville VMware User Group (VMUG) and Louisville AWS User Group.

3 Comments

  1. You can reset the root password without taking it offline if the host
    is using Active Directory as an Authentication Service. By default the
    host will look for the domain group “ESX Admins” and grant it
    Administrator Privileges.

    – Create the group “ESX Admins” in the domain

    – Add an AD user to the “ESX Admins” group. Note: I had to add an AD user
    that I hadn’t used to log in to the host before; for some reason it had
    given Read-Only privileges to the AD account I had tried before creating
    the “ESX Admins” group; using a different user forced the host to query
    AD and confirmed membership.

    – Use vSphere client to log in directly to host using AD user

    – Go to “Local Users & Groups”, right-click root > edit > change password

    From here on you can also add new users and set/fix permissions.

    • btkrausen

      Agreed. But if the host is already set up for AD authentication you shouldn’t be logging in as root anyway.

  2. Would you have to randomize the password and then clear the host profile of that password in order to ensure that the host profile couldn’t be obtained? There may be an inherent security issue or possibly one of insider threat if all hosts had the same password and the host profile were accessible to another administrator (or if an outsider obtained access to the host profile).
