How to Reset VMware Root Password Without Reinstalling ESXi

You will set a root password when starting using ESXi host, but over time, you may not remember the VMware root password. However, in some specific cases, you want to reset VMware root password without reinstalling the ESXi host. So what should you do?

By @Crystal Last Updated August 8, 2024

Case: How to reset VMware ESXi 6.7 root password

 

Is there a way to reset forgotten root password on ESXi host 6.7? Per VMware, the only way is to reinstall ESXi on the host, but I would hate to migrate my VM's to another host.

- Question from Spiceworks Community

According to VMware, reinstalling an ESXi host is the only supported method for resetting the VMware root password. However, most users don't want to reinstall ESXi, because reinstalling ESXi is not a good solution, because they don't want to recreate and configure the VM and settings.

Luckily, Starting with ESXi 4.1, the host profile feature was introduced. If the host is managed by vCenter and you can still enter the vCenter, you can reset ESXi root password by taking advantage of the host profile feature.

Note: To use the host profile feature, you must have an Enterprise Plus license.

If you don't or can't use vCenter, you can edit the "Shadow" file to change the password. Just keep on reading we will offer the detailed steps of the 2 ways.

How to reset VMware ESXi root password (2 ways)

There is no default root password in VMware ESXi, so when you log in to ESXi, you are required to enter your IP address, root name, and password first. You'd better write down your root password to cope with the following scenarios:

  • Upgrade VMware ESXi.
  • vCenter goes haywire, is inaccessible, and requires the local root account remains for authentication.

What should you do if you forget your password and don't want to reinstall your ESXi hosts? It is suggested that create a VM backup before you start again to avoid data loss due to the risk of operation.

Way 1. Reset ESXi root password via Host Profile

You can use Host profiles to reset ESXi root password in ESXi 6.5/6.7/7.0, and please refer to the following steps.

1. Login to the vCenter Web client.

2. Navigate to Home, and then choose Host Profiles >> Extract Host Profile.

3. In the Extract Host Profile menu wizard, enter a name and description for the selected Host Profile click Next, and then Finish to complete the capture of the host profile template.

4. Right-click the new Host Profile and choose Edit Settings.

5. In the opened wizard, from Edit host profile, search for root and reset a new password and confirm it.

6. You have changed the password. Then right-click the Host Profile and select Attach/Detach Hosts and Clusters. Select the host you have changed the password, and click Attach.

Tips: It’s possible to apply the changes to multiple ESXi hosts by hitting Attach All.

7. From the Action Menu, select Maintenance Mode >> Enter Maintenance Mode. During this period, the virtual machine needs to be shut down, so please ensure that your task has downtime.

8. From the Action Menu, select Remediate, then select host to remediate.

9. Check Host Compliance.

10. After the host reboots, exit the maintenance mode.

Way 2. Reset VMware root password by editing the “shadow” file

If it’s not possible for you to use vCenter to reset your password, you can try another method: use a Live Linux CD/DVD/USB to reset VMware root password.

ESXi saves the root password encrypted in a password file located in /etc/shadow. It will remove the password hash located in 2 partitions to create a new password in the DCUI console.

Here is how to reset ESXi root password without vCenter:

1. Download a live Linux CD/DVD, and I choose the Gparted LiveCD.

2. Burn a USB or CD/DVD with the Live CD/DVD and boot your host off it.

3. Locate the 2 partitions sized 249.98MB. The /dev/sda5 and /dev/sda6 are what we’re after assuming you installed ESXi on the first available hard drive/ssd. This could differ if, for example, you installed ESXi on a USB device or SD card. We will be editing the /dev/sda5 partition first followed by the /dev/sda6.

4. Open a terminal window and run the following commands in the exact order as listed.

● Run these commands to get to the shadow password file.

sudo su

mkdir /boot /temp

mount /dev/sda5 /boot

cd /boot

cp state.tgz /temp

cd /temp

tar -xf state.tgz

tar -xf local.tgz

rm *.tgz

cd etc

● Then use vi to edit the shadow password file.

Just move to the line starting with the root and delete the string between the first 2 colons. Use the Delete key. When done, enter :wq followed by Enter.

● Continue by running the following batch of commands.

cd ..

tar -cf local.tgz etc/

tar -cf state.tgz local.tgz

mv state.tgz /boot

umount /boot

reboot

Tips: Boot back into the Gparted Live media. We will be repeating step 4 except we will be editing the /dev/sda6 partition rather than /dev/sda5. The only difference in this process is to change the command to mount the correct partition.

5. Remove the Gparted media and boot the ESXi host. Once the ESXi host has completed booting, log on as root from the DCUI console. You should be able to log in without typing in a password. Now you may reset a new password.

This method is not supported by VMware, but it works on various versions of ESXi. When resetting VMware root password, the most important thing is to make a VMware backup before performing this operation.

Important: protect VMware VM from data loss

A reliable VM backup appliance can reduce operational errors and protect businesses from security threats. AOMEI Cyber Backup, a free backup software, provides you with the best VM backup practices and schedules virtual machine backup to secure your business continuously.

If your original virtual machine fails, you can achieve fast disaster recovery from any point. It restores the virtual machine to its previous state based on a few clicks without any complicated setup, greatly reducing business downtime and financial losses.

Automated VM Backup: schedule VMware or Hyper-V virtual machine backups and perform a hot backup to protect crucial data continuously with minimal manual intervention. Instant Disaster Recovery: instantly restore the whole virtual machine to the previous state from any selected history version. Easy to use: backup and restore multiple virtual machines via a central console without complicated configuration and reinstallation. Role-Assignment: allow one administrator to create sub-accounts with limited privilege, effectively reducing administration cost and manual errors. Support Free ESXi: AOMEI Cyber Backup supports both paid and free versions of VMware ESXi. Perpetual Free: no time limit for AOMEI Cyber Backup Free Edition.

Please hit the button below to download and use AOMEI Cyber Backup for free.

Download FreewareVMware ESXi & Hyper-V
Secure Download

*You can choose to install this VM backup software on either Windows or Linux system.

Free VM backup solution with AOMEI Cyber Backup

1. Download AOMEI Cyber Backup and add your host. Click Source Device > VMware > + Add VMware Device, then you can choose to Add vCenter or Standalone ESXi.

2. Click Backup Task >> Create New Task to create an insurance for your VMs.

✦ In the opened wizard, enter a task name and choose VMware ESXi Backup.

✦ On Device Name pane, select the host and virtual machines you want to backup.

✦ On Target pane, select a destination to store virtual machine files. It offers local or network location. You can connect external hard drive to VM to store the backup files such as a flash drive or USB hard drive, or backup VM to NAS.

✦ On Schedule pane, enable backup schedule plan. It offers flexible backup strategies such as full / incremental / differential backup to safeguard VMware data comprehensively. You can specify the backup time as daily / weekly / monthly, which will keep tracking the changed data and offers continuous protection.

✦ Click Start Backup.

3. Recovery: click Restore, then choose the restore content and target. If the original VM corrupts, you can restore the entire VM to the previous state including OS, configuration, application, personal data and system state.

✍ While the Free Edition covers most of the VM backup needs, you can also upgrade to enjoy: Batch VM backup: batch backup large numbers of VMs managed by vCenter Server or on standalone ESXi hosts. Backup Cleanup: Configure retention policy to auto delete the old backup files and save storage space. Restore to new location: Easily make a clone of a virtual machine in the same or another datastore/host, without reinstalling or configuring a new VM.

AOMEI Cyber Backup always protects your virtual machines and business security with its efficient VMware backup solution. It also reduces business downtime and extra costs.

Summary

This article introduced how to reset VMware ESXi root password without reinstalling ESXi host, which saves a lot of time. When you are resetting ESXi root password, if your virtual machines do not have downtime, you should migrate your virtual machines, as well as backup VMware ESXi VMs.