This article provides steps to reset the root password without a reboot if you have lost or forgotten the existing root password (6.7u1 / 7.x / 8.x).
Note: The above symptoms can also occur on an external Platform Services Controller (PSC) running on vSphere 6.5 and 6.7.
Process to Reset the Root Password in VCSA:
shell.set --enable true
shell
sudo -i
pam_tally2 --user=root --reset
/usr/sbin/faillock --user root --reset
Note: pam_tally2 is deprecated in Photon 4; use faillock instead.
passwd
Alternatively, you can use the command:
sudo passwd root
Confirm that you can access the vCenter Server Appliance using the new root password.
chage -I -1 -m 0 -M 99999 -E -1 root or at the VAMI (https://<vcenter_fqdn>:5480)
Note: If you continue to have issues, see Unable to log in to the vCenter Server Appliance shell using root account even after password reset.
For 7.0U1 and 6.7U3j there are a few changes:
Changes in 8.0 U2 and above versions:
You will get the error below when executing pam_tally2 in 8.0 U2 or later versions, because this utility was deprecated in Photon 4 and 8.0 U2 uses Photon 4. The alternative utility on Photon 4 for unlocking accounts is "/usr/sbin/faillock".
"-bash: pam_tally2: command not found"
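The following added example (not part of the original article or any VMware tooling) prints the lockout-reset command for whichever failed-login utility exists on the appliance, so the same procedure works whether or not pam_tally2 is present. The function name lockout_reset_cmds, the optional directory arguments and the /usr/sbin default location for pam_tally2 are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: list the lockout-reset command for every failed-login
# utility that is present, instead of hitting "pam_tally2: command not found".

# lockout_reset_cmds USER [DIR...]
# DIR defaults to /usr/sbin (assumed location); other directories can be
# passed so the logic can be exercised away from the appliance.
lockout_reset_cmds() {
    user=${1:-}
    [ "$#" -gt 0 ] && shift
    # Accept only a plain account name before it is placed on a root
    # command line (no empty value, leading dash, spaces or shell characters).
    case $user in
        ''|-*|*[!a-zA-Z0-9_.-]*) echo "invalid user name" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || set -- /usr/sbin
    found=1
    for dir in "$@"; do
        # Photon 4 (8.0 U2 and above): faillock holds the failure counter.
        if [ -x "$dir/faillock" ]; then
            echo "$dir/faillock --user $user --reset"
            found=0
        fi
        # Earlier Photon releases: pam_tally2 holds the failure counter.
        if [ -x "$dir/pam_tally2" ]; then
            echo "$dir/pam_tally2 --user=$user --reset"
            found=0
        fi
    done
    if [ "$found" -ne 0 ]; then
        echo "neither faillock nor pam_tally2 found in: $*" >&2
    fi
    return "$found"
}

# Dry run for this host: review the printed commands, then run them as root.
lockout_reset_cmds root || true
```

The function only prints commands and returns 0 when at least one utility was found, 1 when none was found, and 2 for a rejected user name.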
For more information, see:
You can update the password of the root user in the vCenter Server via the appliance shell if the account is not locked.
More information: Managing Local User Accounts in vCenter Server.