VMware ESXi Root and Default Password
Here you will find out:
- VMware root and default password
- how to recover the ESXi default password
- how to use a backup of VMWare virtual machine
Are you ready? Let's read!
VMware root and default password
When installing the ESXi hypervisor, a root password is set. However, if forgotten, administrators cannot change it from the ESXi default. How can this happen, you may ask?
In essence, after configuring the ESXi server, the system administrator may not log into the ESXi server for a long time. After all, if you are not going to reboot the ESXi host from the ESXi console, no password is required. But, if an unexpected situation occurs (e.g., a power failure) or you need to make changes to the ESXi configuration, then you need to enter the root password, which is required to log in. But if the administrator has forgotten the password, that won’t be possible. Of course, there is an option to reinstall the ESXi server, but it will take a lot of time and effort. Is it possible, then, to reset the ESXi default password without reinstalling the server, and how do you do it? Don't panic if you've been told that this is impossible.
This article has a couple of great tips on how to reset the ESXi root password.
How to recover the ESXi default password
VMware Host Profiles is a feature that allows you to reset the ESXi root password. However, you need to do the following:
- 1. Manage the ESXi host via vCenter
- 2. Have a VMware Enterprise Plus license
Now you can start recovering the default password:
- 1. Go to the VMware vSphere web client. To do this, enter the IP address of your vCenter Server in a web browser.
- 2. In the shortcut menu, go to the host profiles and click on the Extract host profile button.
- 3. In the new window, select the ESXi host as the basis for creating the host profile and click Next.
- 4. Now enter the name of the newly extracted profile and click Finish.
- 5. In the Host Profiles tab, select the newly created host profile and select Edit Host Profile.
- 6. In the left pane of the new assistant window, open the Security & Services section.
Next, select Security, then click on User Configuration and finally on root.
Deactivate unnecessary options.
- 7. In the Fixed Password Configuration window, enter a new ESXi password, confirm it and then save it.
- 8. Now go to Host Profiles, right-click the recently edited host profile and select Attach / Detach Hosts and Clusters. Select the ESXi host whose root password you forgot and click on Save.
- 9. Next, the restored ESXi host needs to be put into maintenance mode; this can be done in the Hosts and Clusters section. You are now in a special mode that should be used for the ESXi host when it is in production.
- 10. Now go back to Host Profiles, right-click on the newly edited Host Profile and click Restore.
- 11. Go to the Patch pre-check section to validate the target host and click Fix.
- 12. Once the fix is complete, exit maintenance mode by right-clicking on the ESXi host and choosing Exit Maintenance Mode.
The ESXi password for root will change immediately after the new host profile is applied.
How to reset an ESXi password
This method is versatile and quite effective.
ESXi stores password hashes in a special system file: /etc/shadow, where the password is encrypted. It looks like this:
root: $ 1 $ xxxx $ xxxxxxx: 13354: 0: 99999: 7 :::
When the user enters a password, it is converted into a hash in computer memory. It, in turn, is compared with the hash stored in the system file /etc/shadow. If the match is 100%, then the user has public access to the profile.
So, in order to reset the password in this way, you need some kind of installation media (a DVD-R, say, or a bootable USB stick) and an ISO image of a Linux distribution; for example, Ubuntu.
Now burn the ISO image to the installation media.
Reboot your ESXi host with the forgotten password and boot from the boot drive.
Now right-click on the desktop and then click on Open Terminal.
Go to the /dev/sda5, which contains the /etc/shadow file.
Next, create temporary directories in the virtual file system to mount the partition that contains the /etc/shadow file:
mkdir /mnt/sda5-esxi
Next, create a directory to store temporary files:
mkdir /temp
Next, mount:
mount /dev/sda5/mnt/ sda5-esxi
Next, select the state.tgz file (where ESXi password hashes are located) and unpack it into a temporary directory:
tar -xf /mnt/sda5-esxi/state.tgz -C /temp/
Now, from the state.tgz file, extract the file local.tgz:
tar -xf /temp/local.tgz -C /temp/
Next, unpack the containing ESXi password hashes and then remove it from the temporary directory:
rm /temp/local.tgz
You can now open the /etc/shadow file in a text editor and view the ESXi password hashes for ESXi users.
To reset the ESXi root password, change the line containing root. This line after editing should look like this:
root :: 13358: 0: 99999: 7 :::
Now save the changes and change to the /temp directory:
cd /temp
Now repack the archives:
tar -czf local.tgz etc.
The new archive with the root password removed should be moved to its standard location:
mv state.tgz /mnt/sda5-esxi/
Next, reboot the server and, after booting the ESXi server, press F2 to see the authentication screen. The password field is blank. Then press Enter. Then set a new ESXi password.
Tip: how to work with VMware Home LabVMFS Recovery for VMware ESXi
DiskInternals VMFS Recovery™ is a professional application that every virtual machine owner should have on their desktop.
It helps recover lost VMDK files and images from damaged and failed disks, while automatically checking the current state of the VMware VMFS datastore, RAID (if used) and volumes, and reading VMFS structures. After searching the data carefully, you always have the opportunity to see the amazing results for free. After you are unconditionally convinced of the competence of the application, buy a license to export data to external storage devices. If you have any difficulties, just activate the Recovery Wizard and follow its instructions.
The VMFS Recovery instructions are as follows:
- 1. Download and install the program on your computer.
- 2. When you open the app, connect via SSH.
- 3. Select and open the disk to activate the disk scan process.
- 4. After that, find the necessary VMDK files and mount them.
- 5. Then browse the VMDK file for free and decide if you want to export them.
- 6. If you do, buy a license for VHD recovery software on the website and get access to export files to external media.