This article provides steps to reset a lost, forgotten, or expired root password for VMware Cloud Director(VCD).

Symptoms:

• The root account password of VMware Cloud Director Appliance fails.
• The root account of the VMware Cloud Director is locked or account is expired.
• The root account password has been lost or forgotten.
• You are unable to login to VMware Cloud Director via SSH or VAMI.

VMware Cloud Director 10.4 and later.

• For expired or soon-to-be-expiring passwords, please follow the steps as per the documentation- Cloud Director 10.5, Cloud Director 10.6.

• To set the root password to never expire : chage -I -1 -m 0 -M 99999 -E -1 root 

• To reset the password, follow the steps below:

1. 1. Take a snapshot or backup of the VCD Appliance before proceeding.
   2. Open a web console to the VCD appliance from vCenter UI. 
   3. Reboot the VCD Appliance and switch to the web console tab.
   4. After the Photon OS starts, press the e key to enter the GNU GRUB Edit Menu.
      
      Note:  You might have to give the VM console focus by clicking in its window before it will register input from the keyboard.
      
      
   5. Locate the line that begins with the word linux.The below screenshot shows the view from a VCD 10.6 appliance.
      
   6. Append these entries to the end of the line:
      

      rw init=/bin/bash

      The line should look like the following screenshot:
      
      
   7. F10 to continue booting.
   8. Run the command 
      

      mount -o remount,rw / 

   9. Unlock/Reset the 'root' account using below command if it is already locked due to multiple logins with incorrect password.
      

      For VCD 10.6 : /usr/sbin/faillock --user root --reset

      For VCD 10.4 and VCD 10.5 : pam_tally2 --user=root --reset
      
      
   10. In the Command prompt, enter the command passwd and provide a new root password (twice for confirmation).
       
       Note: When entering the new password in VCD 10.6, ensure that it is atleast 15 characters in length and complex.
       Note: For VCD 10.4 and 10.5, the appliance certificate private key must be updated to use the new password. Please follow the steps 3-7 as per the documentation to carry out these changes.
       
       
   11. Unmount the filesystem by running this command
       

       umount / 

   12. Reboot the Cloud Director Appliance by running this command:
       

       reboot -f

   13. Confirm that you can access the Cloud Director Appliance using the new root password via SSH or VAMI.
   14. You can now delete the snapshot of the VMware Cloud Director appliance.

• Starting with version 10.4,Cloud Director uses Photon 3 OS on the appliance. See release notes for more information.
• Starting with version 10.6,Cloud Director uses Photon 4 OS on the appliance. See release notes for more information.
• For the VMware Cloud Director appliances, password complexity rules and yearly account password expiration for the root account are enforced. Please check the 'Administrative Credentials' as per our security documentation for more information.