Resetting vCenter Administrator Password on vCenter 6.X Appliance


Sometimes you just can’t catch a break, for example after returning from a vacation and not remembering your password for the built-in Administrator account in the vsphere.local domain for vCenter. Changing it can be a bit round-about at times, so I decided to do a small guide since I had to figure it out myself recently.

Step 1 – Read what VMware says you should do

Don’t take a ‘random dude on the Internet’s advice without confirming it first!

Here’s the link to the different guides for different versions of vCenter, they are all ever so slightly different. I’ll focus on the vCenter 6.0 appliance, but the methods are quite similar.

VMware KB Article #2034608

Step 2 – Enable SSH and Shell on the vCenter Appliance

Open up the console on the vCenter Appliance (Hint: ESXi Host Web Client) and log in as the root user (Press F2 on the splash screen). Then select F2 again to access the screen where you can enable SSH and shell access. Enable both, you’ll need them!

Step 3 – SSH into the vCenter Appliance

Next you’ll need to SSH in using the same root account as earlier. Type “shell” to access the bash shell.

Step 4 – Reset the password

Type the following in:


Which gets you:

Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state

Select option 3

Please enter account UPN :

This is one of the problems with the 6.X guide, it doesn’t tell you explicitly that you need to type the following.


After that you should get a new password that you can use to log in. Some of the KBs from VMware state that you should rerun the command if you get an exclamation point (!) in your password, so redo it in that case. This password can then be used to access the WebGUI of the appliance and there you can set your administrator@vsphere.local password back to something more reasonable.

Step 4 – IT DIDN’T WORK!

Yes, this is the second pitfall, and this took me some time to figure out. Your shell probably displays something along these lines after you’ve entered the account name:

VmDirForceResetPassword failed (9106)

This is not a documented “feature” by VMware, but after some digging around, I found that people recommend running the command su before the vdcadmintool.

So, type su into the shell, retype you root password, and you’ll get thrown back to the start splash. Type shell again, and rerun vdcadmintool. This time you should get a password instead of an error. Another thing you could try if this doesn’t work is to start the shell with this command:

pi shell

Which should launch an elevated root shell instead of whatever is launched when just using shell. I’ve not tried this myself, so no guarantees (as if any of my advice comes with a warranty), but you might find it helpful.



Categories: Tech, vmware

Tags: , , , , , , , ,

13 replies

  1. Thank you so much really save our time

  2. Hi, unfortunately that didn’t work for me. I get the “9106” error whether I try with su or not šŸ˜¦ I’ve only just installed the VCSA 6.5 U1 appliance, so the reason I’m trying to reset the administrator@vsphere.local sso password is not because I forgot it, It’s because the web-console won’t let me logon with this account, so I googled “how to reset the defualt sso account” and came across your article. Any help would be appreciated, thanks.

  3. Hi again, I decided to delete and re-install the VCSA 6.5 and now I can logon to it as administrator@vsphere.local šŸ™‚

  4. Excellent! Thanks a lot really helped a lot to get the administrator@vsphere.local password reset.

  5. Saved my life tonight, or shall I say it saved my night šŸ˜‰
    The password in email format did the trick for me.

    Many thanks,

  6. How I can check my localhost domain in case of Windows vCenter? Like in case of Appliance it can be checked through 1 command after logging through root. The insight of the question is I am trying to login to vCenter through administrator@vSphere.local but getting error “you do not have permission to any of vCenter”. I doubt the localhost domain is different. In my case vCenter is Windows based and version 6.5.

    • It should be listed in the following file (I can’t check it since I don’t have a Windows based vCenter handy)


      Keep in mind that the vSphere domain is different to the domain that the Windows server might or might not be added to.

  7. Just a note on the error: VmDirForceResetPassword failed (9106)

    you will also receive that same error if your UPN is incorrect. we had one oddball in our enterprise, forgot. no level of su or pi shell would fix it.

    after entering the correct UPN, worked fine w/o su

  8. “VmDirForceResetPassword failed (9106)” experienced during administrator@vcenter.local password reset attempt in vcsa 6.7 with no resolution in vmware’s password reset article.

    your “su” tip solved the problem

    thank you

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: