In some environments, administrators may need to change the root password directly on an ESXi host (for example through DCUI, SSH, or PowerCLI).

This article clarifies whether changing the ESXi host root password affects vCenter Server connectivity, cluster management, or vSAN operations.

• vCenter 7.x / 8.x / 9.x
• ESXi 7.x / 8.x / 9.x
• vSAN enabled or non-vSAN clusters
• ESXi hosts are managed by vCenter Server

Changing the root password on an ESXi host does not disrupt vCenter Server management of the host, nor does it affect the operation of a vSAN cluster. It is safe to change the ESXi root password at any time. vCenter management and vSAN functionality will continue to operate without interruption. Only direct root access methods (SSH, DCUI, external scripts) require awareness of the new password.

1. vCenter Connectivity

   • vCenter communicates with ESXi hosts using the vpxuser account and trusted certificates, not the root account.

   • Modifying the root password does not invalidate the vpxuser credentials; therefore the host remains connected and manageable in vCenter.

2. vSAN Operations

   • vSAN cluster services (object health, resync, performance, and data path) does not rely on the ESXi root password.

   • Changing the root password does not interrupt vSAN data traffic, object rebuilds, or health monitoring.

3. Operational Considerations

   • After changing the root password, update any tools or scripts (backup, monitoring, SSH automation) that log in as root.

   • If Host Profiles are used and include a root password policy, ensure the profile is updated to prevent non-compliance or unintended password reversion.