I had this question recently through an e-mail and was sure that I already wrote about it. After some research, I figured out that a blog post would clear my doubts. VMware says that it's not possible to reset ESXi password on ESXi 6.x (and 5.x) systems. However, under certain circumstances, there is a possibility to change (to reset) the root password.
There are two conditions to reset ESXi 6.x root password:
1. The ESXi host is visible and accessible through vCenter.
2. VMware vSphere Host Profiles – The organization uses vSphere Enterprise Plus licensing.
The is a VMware KB which mentions root password recovery is this one and it clearly states that it's not supported to reset passwords on ESXi 6.x and ESXi in general as there is no longer the Linux console where you would use the single-user mode for the job:
Reinstalling the ESXi host is the only supported way to reset a password on ESXi. Any other method may lead to a host failure or an unsupported configuration due to the complex nature of the ESXi architecture. ESXi does not have a service console and as such traditional Linux methods of resetting a password, such as single-user mode do not apply.
But using host profiles to change the root password on ESXi host is supported and if you got the appropriate licensing then you should be able to change the root password.
So How to reset ESXi 6.x root password?
1. Create a Host profile from your host – first, go and click the Host profiles icon.
Click the Plus sign and select the radio button Extract profile from a host.
2. Then select the host from which you want to extract the profile. It's the host from which you'll copy all the values.
3. The next step in the assistant invites you to name the host profile. You can also put some comment in order to explain what the profile does. Quite handy.
4. The recap screen…. Click Finish to close the assistant.
5. Select the profile and click Actions > Edit settings
6. This starts the assistant again. Click next. You'll be at the screen below. Deselect all parts of the host profile except the Security configuration. There, you have the option from the drop down menu (2) to select Configure a fixed administrator password. Enter the new password and click next and finish the wizard.
7. While selecting the host profile, click on Actions > Attach/Detach hosts and clusters. This allows you to specify the host to which you want to attach this host profile.
This is showing the next screen…
8. Once attached, we need to check the host profile compliance.
9. As you can see, our host is not compliant because the root password is not the same as we entered into the host profile.
10. Put your host into maintenance mode and do a right click > All vCenter actions > Host profiles > remediate
11. That's it. You can exit maintenance mode and login to your host.
Check more articles from ESX Virtualization:
- VMware VCSA 6.5 Backup and Restore How-To
- Free Tools
- Prepare the DHCP Server for vSphere Auto Deploy Provisioning – VMware vSphere 6.5
- Patch VMware vCenter Server Appliance (VCSA) from Offline Depot ZIP file
- Upgrade Windows Server 2012R2 AD to Server 2016