Sometimes you just can’t catch a break, for example after returning from a vacation and not remembering your password for the built-in Administrator account in the vsphere.local domain for vCenter. Changing it can be a bit round-about at times, so I decided to do a small guide since I had to figure it out myself recently.
Step 1 – Read what VMware says you should do
Don’t take a ‘random dude on the Internet’s advice without confirming it first!
Here’s the link to the different guides for different versions of vCenter, they are all ever so slightly different. I’ll focus on the vCenter 6.0 appliance, but the methods are quite similar.
Step 2 – Enable SSH and Shell on the vCenter Appliance
Open up the console on the vCenter Appliance (Hint: ESXi Host Web Client) and log in as the root user (Press F2 on the splash screen). Then select F2 again to access the screen where you can enable SSH and shell access. Enable both, you’ll need them!
Step 3 – SSH into the vCenter Appliance
Next you’ll need to SSH in using the same root account as earlier. Type “shell” to access the bash shell.
Step 4 – Reset the password
Type the following in:
Which gets you:
================== Please select: 0. exit 1. Test LDAP connectivity 2. Force start replication cycle 3. Reset account password 4. Set log level and mask 5. Set vmdir state ==================
Select option 3
Please enter account UPN :
This is one of the problems with the 6.X guide, it doesn’t tell you explicitly that you need to type the following.
After that you should get a new password that you can use to log in. Some of the KBs from VMware state that you should rerun the command if you get an exclamation point (!) in your password, so redo it in that case. This password can then be used to access the WebGUI of the appliance and there you can set your firstname.lastname@example.org password back to something more reasonable.
Step 4 – IT DIDN’T WORK!
Yes, this is the second pitfall, and this took me some time to figure out. Your shell probably displays something along these lines after you’ve entered the account name:
VmDirForceResetPassword failed (9106)
This is not a documented “feature” by VMware, but after some digging around, I found that people recommend running the command su before the vdcadmintool.
So, type su into the shell, retype you root password, and you’ll get thrown back to the start splash. Type shell again, and rerun vdcadmintool. This time you should get a password instead of an error. Another thing you could try if this doesn’t work is to start the shell with this command:
Which should launch an elevated root shell instead of whatever is launched when just using shell. I’ve not tried this myself, so no guarantees (as if any of my advice comes with a warranty), but you might find it helpful.