Resetting vCenter Administrator Password on vCenter 6.X Appliance

071711_0842_vmwarevcent1

Sometimes you just can’t catch a break, for example after returning from a vacation and not remembering your password for the built-in Administrator account in the vsphere.local domain for vCenter. Changing it can be a bit round-about at times, so I decided to do a small guide since I had to figure it out myself recently.

Step 1 – Read what VMware says you should do

Don’t take a ‘random dude on the Internet’s advice without confirming it first!

Here’s the link to the different guides for different versions of vCenter, they are all ever so slightly different. I’ll focus on the vCenter 6.0 appliance, but the methods are quite similar.

VMware KB Article #2034608

Step 2 – Enable SSH and Shell on the vCenter Appliance

Open up the console on the vCenter Appliance (Hint: ESXi Host Web Client) and log in as the root user (Press F2 on the splash screen). Then select F2 again to access the screen where you can enable SSH and shell access. Enable both, you’ll need them!

Step 3 – SSH into the vCenter Appliance

Next you’ll need to SSH in using the same root account as earlier. Type “shell” to access the bash shell.

Step 4 – Reset the password

Type the following in:

/usr/lib/vmware-vmdir/bin/vdcadmintool

Which gets you:

==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
==================

Select option 3

Please enter account UPN :

This is one of the problems with the 6.X guide, it doesn’t tell you explicitly that you need to type the following.

Administrator@vSphere.local

After that you should get a new password that you can use to log in. Some of the KBs from VMware state that you should rerun the command if you get an exclamation point (!) in your password, so redo it in that case. This password can then be used to access the WebGUI of the appliance and there you can set your administrator@vsphere.local password back to something more reasonable.

Step 4 – IT DIDN’T WORK!

Yes, this is the second pitfall, and this took me some time to figure out. Your shell probably displays something along these lines after you’ve entered the account name:

VmDirForceResetPassword failed (9106)

This is not a documented “feature” by VMware, but after some digging around, I found that people recommend running the command su before the vdcadmintool.

So, type su into the shell, retype you root password, and you’ll get thrown back to the start splash. Type shell again, and rerun vdcadmintool. This time you should get a password instead of an error. Another thing you could try if this doesn’t work is to start the shell with this command:

pi shell

Which should launch an elevated root shell instead of whatever is launched when just using shell. I’ve not tried this myself, so no guarantees (as if any of my advice comes with a warranty), but you might find it helpful.

 

 

Advertisements
No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s