This article provides the steps to retrieve the ESXi service accounts from SDDC Manager.
Symptoms:
Unable to SSH into an ESXi host with the stored root credentials on SDDC.
VMware Cloud Foundation 4.x
VMware Cloud Foundation 5.x
1. SSH into the SDDC Manager.
2. Elevate to root with su.
3. Create a token on the SDDC Manager. (You will need to update the password value.)
TOKEN=$(curl -d '{"username" : "[email protected]", "password" : "updatepassword"}' -H "Content-Type: application/json" -X POST http://127.0.0.1/v1/tokens | jq -r '.accessToken')
4. Pull the credentials from SDDC.
curl -k -X GET -H "Authorization: Bearer $TOKEN" 'https://localhost/v1/system/credentials/service' | json_pp | less
5. Record the service name and the password from the output.
{
"serviceType" : "SDDC_MANAGER",
"entityId" : "91894bc0-eac5-4707-98fe-a2f2a4678251",
"username" : "svc-vcf-xxxxx-xx",
"id" : "688d8117-a4d3-4b41-8ec4-6c302a61ad5e",
"entityType" : "ESXI",
"targetType" : "ESXI",
"serviceId" : "2f7a158d-e299-4793-b294-9e3c0c0dcb79",
"secret" : "xxxxxxxxxxxxxxxxx",
"credentialType" : "SSH",
"creationTime" : 1652959021796,
"modificationTime" : 1652959021796
}
Once you have the service account password, you can connect to the ESXi host to clear a root lockout or to reset the root password.
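The filter below is an added example, not part of the original article or of VMware's tooling: it reads the step 4 response, keeps only the records whose entityType is ESXI and credentialType is SSH, and masks each secret unless asked to show it, so that unrelated credentials are not paged to the terminal. The "elements" wrapper, the --show-secret flag and every sample value are assumptions made for the example.

```python
#!/usr/bin/env python3
"""List ESXi SSH service accounts from a /v1/system/credentials/service response."""
import json
import sys
from datetime import datetime, timezone


def esxi_service_accounts(response_text):
    """Return only the records with entityType ESXI and credentialType SSH."""
    data = json.loads(response_text)
    # Assumption: the records come as one object, a list, or a list under "elements".
    if isinstance(data, dict):
        records = data.get("elements", [data])
    else:
        records = data
    return [r for r in records
            if isinstance(r, dict)
            and r.get("entityType") == "ESXI"
            and r.get("credentialType") == "SSH"]


def summarize(record, show_secret=False):
    """Format one account; the secret stays masked unless show_secret is set."""
    ms = record.get("modificationTime", 0)
    modified = datetime.fromtimestamp(ms / 1000, tz=timezone.utc)
    secret = record.get("secret", "") if show_secret else "********"
    return "{}  {}  entityId={}  modified={}".format(
        record.get("username"), secret, record.get("entityId"),
        modified.strftime("%Y-%m-%dT%H:%M:%SZ"))


# Constructed sample using the field names from step 5; all values are placeholders.
SAMPLE = json.dumps({"elements": [
    {"entityId": "entity-placeholder-1", "username": "svc-vcf-example-01",
     "entityType": "ESXI", "credentialType": "SSH", "secret": "constructed-secret",
     "modificationTime": 1652959021796},
    {"entityId": "entity-placeholder-2", "username": "other-example",
     "entityType": "OTHER", "credentialType": "API", "secret": "constructed-other",
     "modificationTime": 1652959021796},
]})

if __name__ == "__main__":
    # Read the API response from a pipe; fall back to the constructed sample.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    show = "--show-secret" in sys.argv[1:]
    for rec in esxi_service_accounts(piped.strip() or SAMPLE):
        print(summarize(rec, show_secret=show))
```

Saved under a name of your choice, the script can take the place of json_pp | less at the end of the step 4 pipeline. Run it once without --show-secret to confirm which account you need before displaying its password.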