This article provides steps to reset a lost, forgotten, or expired root password for a vCenter Server Appliance (or external PSC) 6.5 and later.
For passwords that have expired, the default vCenter Server Appliance password expires after 90 days.
For more information, see Change the Password and Password Expiration Settings of the Root User
Process to Reset the Root Password in VCSA:
Note: 6.7U1 and later have a simpler method to reset the password, see KB 75174
To reset the root password for the vCenter Server Appliance:
rw init=/bin/bash
The line should look like the following screenshot:
mount -o remount,rw /
pam_tally2 --user=root --reset
/usr/sbin/faillock --user root --reset
( Note: pam_tally2 is deprecated in Photon 4, use faillock instead. )
passwd
umount /
reboot -f
# chage -I -1 -m 0 -M 99999 -E -1 root or at the VAMI
root@vc[~]# chage -l root
example:
root@vc [ / ]# chage -l root
Last password change : Aug 20, 2024
Password expires : Nov 18, 2024
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
Additionally, to check the password details for the [email protected] (default SSO) account, run the following command from the vCenter SSH session:
root@vc[~]# chage -l sso-user
example:
root@vc [ / ]# chage -l sso-user
Last password change : Feb 14, 2023
Password expires : May 15, 2023
Password inactive : May 15, 2023
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
For 7.0U1 and 6.7U3j there are a few changes:
Changes in 8.0 U2 and above versions:
For more information, see -