This article provides steps to reset the root password of the vCenter Server Appliance, without a reboot, if you have lost or forgotten the existing root password (6.7u1 / 7.x / 8.x).
Note: The above symptoms can also occur on an external Platform Services Controller (PSC) running on vSphere 6.5 and 6.7.
The resolution has two sections for the problem that we usually encounter:
shell.set --enable true
shell
sudo -i
pam_tally2 --user=root --reset
/usr/sbin/faillock --user root --reset
Note: pam_tally2 is deprecated in Photon 4; use faillock instead.
passwd
Confirm that you can access the vCenter Server Appliance using the new root password.
sudo passwd root
Confirm that you can access the vCenter Server Appliance using the new root password.
To prevent this issue, you can set the root password to never expire by running the command:
chage -I -1 -m 0 -M 99999 -E -1 root
or at the VAMI (https://<vcenter_fqdn>:5480).
Note: If you continue to have issues, see Unable to log in to the vCenter Server Appliance shell using root account even after password reset
For 7.0U1 and 6.7U3j there are a few changes:
Changes in 8.0 U2 and above versions:
You will get the error below when executing pam_tally2 in 8.0 U2 or later versions, because this utility was deprecated in Photon 4 and 8.0 U2 uses Photon 4. The alternative utility on Photon 4 for unlocking accounts is "/usr/sbin/faillock".
"-bash: pam_tally2: command not found"
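The following is an added example, not part of the original article or VMware tooling: a small helper that picks whichever lockout-reset utility is present (faillock on Photon 4, pam_tally2 on older builds), so the "command not found" error above is avoided, and that reads the root password expiry from `chage -l` output. The function names and the `SBIN_DIRS` override are hypothetical.

```shell
#!/bin/sh
# Added example. SBIN_DIRS (hypothetical) overrides the directories searched,
# which also makes the selection logic testable off the appliance.

find_tool() {
    # $1 = utility name; prints its full path if found and executable.
    for d in ${SBIN_DIRS:-/usr/sbin /sbin /usr/bin}; do
        if [ -x "$d/$1" ]; then
            printf '%s\n' "$d/$1"
            return 0
        fi
    done
    return 1
}

unlock_command() {
    # Prints the command that resets the failed-login counter for user $1.
    # faillock is preferred because pam_tally2 is absent on Photon 4.
    user=${1:-root}
    if tool=$(find_tool faillock); then
        printf '%s --user %s --reset\n' "$tool" "$user"
    elif tool=$(find_tool pam_tally2); then
        printf '%s --user=%s --reset\n' "$tool" "$user"
    else
        echo "neither faillock nor pam_tally2 found" >&2
        return 1
    fi
}

expiry_from_chage() {
    # Reads `chage -l <user>` output on stdin and prints the value of the
    # "Password expires" field (a date, or "never").
    # The anchor skips the "...warning before password expires" line.
    sed -n 's/^Password expires[[:space:]]*:[[:space:]]*//p'
}

# Run with --show to print the selected command; nothing is executed.
# On the appliance, as root:  chage -l root | expiry_from_chage
if [ "${1:-}" = "--show" ]; then
    unlock_command root
fi
```
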
For more information, see:
You can update the password of the root user in the vCenter Server via appliance shell if account is not locked
More information: Managing Local User Accounts in vCenter Server.