How to reset SDDC Manager vcf and root user accounts
search cancel

How to reset SDDC Manager vcf and root user accounts


Article ID: 323984


Updated On:


VMware Cloud Foundation


This article provides instructions on how to reset the vcf and root user accounts for SDDC manager. 


VMware Cloud Foundation 4.x
VMware Cloud foundation 5.x


  1. Login to the vCenter/vSphere UI and find the SDDC Manager VM.
  2. Once you click on the SDDC Manager VM, under the IP address should be the host FQDN for which ESXi the VM is sitting on.
  3. Open a new tab and paste the ESXi host FQDN into your browser and login to the host UI via root
  4. Click on Virtual Machines, then click on the SDDC Manager VM > Edit > VM Options > Boot Options
  5. Set the Boot Delay to 10000 milliseconds.
  6. Open the VM console and On the right-hand side of the console should be a button that says Actions. Click on Actions Power > Reset.
  7. When you see the Photon screen, hit the 'e' key to get into the GRUB.
    • image.png
  8. Use the arrow keys to navigate to the line beginning with linux and add the following to the end of the line
    • rw init=/bin/bash
  9. Press the F10 key to continue booting the VM. 
  10. Run the following commands to unlock the vcf and root accounts:
    • For VCF versions up to VCF, use :
      • /usr/bin/pam_tally2 -u root -r
        /usr/bin/pam_tally2 -u vcf -r
    • For VCF versions starting from VCF, use:
      • /usr/bin/faillock --user root --reset
        /usr/bin/faillock --user vcf --reset
    • Note: If there are any failures, you will need to use the up arrow key to re-run the command until the failures column shows 0.
  11. Run the following commands to set the accounts to a temporary password: 
    • passwd vcf
      passwd root
  12. Then reboot SDDC by running the following: 
    • reboot -f
  13. After a few minutes, SSH into the SDDC Manager with the vcf user and temp password and then su root and enter the temp password for root. 
  14. Then run the following command to clear the passwords:
    • echo "" >/etc/security/opasswd 
  15. Now we can reset the accounts to new passwords or a password previously used by using commands mentioned in Step # 11

Note: Make a note of what the vcf and root passwords were changed to.

16. Here is the below command to change the age of the VCF and Root 

VCF :  chage -M 999 vcf
Root : chage -M 999 root


Additional Information