Resetting GRUB password on NSX Manager Appliance when password is unknown

Article ID: 417635

Products

VMware NSX

Issue/Introduction

  • Manually configured GRUB password upon deployment is unknown

  • Entering GRUB password kicks user back to boot loader screen

  • Default GRUB password is not working:

    • NSX@VM!WaR10 (for 3.2.x and above)

    • VMware1 (for 3.1.x and below)

  • Root password is known and authentication to root account via CLI is successful

  • Following the steps from Configure an Appliance to Display the GRUB Menu at Boot Time does not successfully reset the GRUB password

Environment

VMware NSX

Cause

The core problem is that a custom GRUB password was manually set during the initial deployment or a subsequent configuration change on the NSX-T Manager, and this password has since been lost or forgotten.
Standard NSX-T Manager appliances use Photon OS, which utilizes GRUB as its boot loader. While default passwords might exist, if a custom one was explicitly configured, it overrides these defaults.
The standard procedure for displaying the GRUB menu doesn't address changing a forgotten password because it usually involves editing parts of grub.cfg which are protected by the unknown password itself.
However, since root access via CLI is available, the GRUB configuration can be modified from within the running operating system.

Resolution

  • Log in to the NSX Manager Appliance VM as root.

  • In the /etc/default/grub file, check if the GRUB_TIMEOUT_STYLE value is set to 'menu' or 'countdown'.

    • If it is set to neither, change it to menu or countdown.

  • Generate a new password by running the following command:

    grub-mkpasswd-pbkdf2

    • root@nsx-manager:~# grub-mkpasswd-pbkdf2
      Enter password:
      Reenter password:
      PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.<password-hash>

  • Edit the /etc/grub.d/40_custom file and replace the existing password hash with the newly generated one.

    • root@nsx-manager:~# vim /etc/grub.d/40_custom 

      #!/bin/sh
      exec tail -n +3 $0
      # This file provides an easy way to add custom menu entries.  Simply type the
      # menu entries you want to add after this comment.  Be careful not to change
      # the 'exec tail' line above.
      set superusers="root"
      password_pbkdf2 root grub.pbkdf2.sha512.10000.<password-hash>
    • Save the change with :wq!

  • Update the GRUB configuration.

    update-grub
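
A pre-check for the edited /etc/grub.d/40_custom, as an added example that is not part of the VMware article or of GRUB: it confirms that the exec tail line is intact, that each password_pbkdf2 user is listed in superusers, and that the hash is a complete grub.pbkdf2.sha512 string rather than a leftover placeholder. The function name check_grub_custom is hypothetical.

```bash
# Added example, not VMware's or GRUB's code. check_grub_custom is a
# hypothetical helper; it only reads the file and changes nothing.
check_grub_custom() {
    file=$1
    status=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # The stock 'exec tail -n +3 $0' must still be line 2: it is what copies
    # the rest of the file into grub.cfg when update-grub runs.
    sed -n '2p' "$file" | grep -Eq '^[[:space:]]*exec tail -n \+3 \$0[[:space:]]*$' ||
        { echo "line 2 is not the 'exec tail' line"; status=1; }

    # Collect superuser names; GRUB accepts space , ; | & as separators.
    names=$(sed -n 's/^[[:space:]]*set superusers="\([^"]*\)".*/\1/p' "$file" |
        tr ',;|&\n' '     ')
    [ -n "$names" ] || { echo "no set superusers=\"...\" line"; status=1; }

    pw_lines=$(grep -E '^[[:space:]]*password_pbkdf2[[:space:]]' "$file" || true)
    [ -n "$pw_lines" ] || { echo "no password_pbkdf2 line"; return 1; }

    while read -r kw user hash extra; do
        case " $names " in
            *" $user "*) ;;
            *) echo "password user '$user' is not a superuser"; status=1 ;;
        esac
        # Expected shape: grub.pbkdf2.sha512.<iterations>.<salt hex>.<key hex>
        printf '%s\n' "$hash" | grep -Eq \
            '^grub\.pbkdf2\.sha512\.[0-9]+\.([0-9A-Fa-f]{2})+\.([0-9A-Fa-f]{2})+$' ||
            { echo "hash for '$user' is malformed or still a placeholder"; status=1; }
        [ -z "$extra" ] || { echo "unexpected text after hash for '$user'"; status=1; }
    done <<EOF
$pw_lines
EOF
    return $status
}
```

Run it as check_grub_custom /etc/grub.d/40_custom and proceed to update-grub only when it exits 0.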

Additional Information

Configure an Appliance to Display the GRUB Menu at Boot Time


Note:
If this is a multi-node Manager cluster, this procedure only affects the specific Manager on which it is performed. GRUB passwords are node-specific.
Rollback: If the appliance becomes unbootable after these changes, you may need to boot from an ISO (e.g., a Photon OS Live CD) into rescue mode to restore the grub.cfg file from your backup or correct the configuration.