Many of us have been there: we manage our ESXi hosts via vCenter like responsible adults. But one day vCenter goes haywire and becomes inaccessible, and an admin has to log in to the ESXi hosts directly. If these ESXi hosts were not joined to Active Directory, only the local root account remains for authentication; there is no other way to connect to these hosts. If the root password is lost, there is trouble. In these cases, the following tutorial can be helpful.
Please Note: VMware does not officially support this method. VMware states that the only supported way to reset an ESXi password is by reinstalling the host. This was tested on ESXi 6.5.
In this tutorial we will use a Live Linux CD/DVD/USB to change the root password on your ESXi host. ESXi saves the root password as a hash in the password file /etc/shadow. We will remove the password hash from the copies held on 2 partitions so that a new password can be created in the DCUI console.
Download a Live Linux ISO. I chose Gparted Live for this task.
Burn the Gparted Live ISO to a USB or CD/DVD. For this step I used Rufus, a tool which allows you to create bootable USBs from ISO images.
Insert the Gparted Live media into your ESXi host and make sure your server is able to boot from CD/DVD or USB. Power on the server and follow the on-screen instructions to complete the boot process. Once it completes, you should reach the desktop and be able to see all of the ESXi partitions.
Gparted Boot Screen
Locate the 2 partitions sized 249.98MB. /dev/sda5 and /dev/sda6 are what we're after, assuming you installed ESXi on the first available hard drive/SSD. This could differ if, for example, you installed ESXi on a USB device or SD card. We will edit the /dev/sda5 partition first, followed by /dev/sda6.
Gparted showing the partitions found on disks
Right-click on the desktop to open a terminal window with root privileges and run the following commands in the order listed.
mkdir /boot /temp
mount /dev/sda5 /boot
cd /boot
cp state.tgz /temp
cd /temp
tar -xf state.tgz
tar -xf local.tgz
vi etc/shadow
First batch of commands
We use the vi command to edit the shadow password file. Move to the line starting with root and delete the hash string between the first 2 colons, using the Delete key. Leave both colons in place. When complete, type :wq followed by the Enter key.
Password file after hash deletion
Continue by running the following batch of commands.
tar -cf local.tgz etc/
tar -cf state.tgz local.tgz
mv state.tgz /boot
umount /boot
Second batch of commands
Boot back into the Gparted Live media. We will repeat steps 5-7, except that we will edit the /dev/sda6 partition rather than /dev/sda5. The only difference in the process is that command 3 in Step 5 (the mount command) changes to mount the correct partition.
mount /dev/sda6 /boot
Remove the Gparted media and boot the ESXi host. Once the ESXi host has completed booting, log on as root from the DCUI console. You should be able to log in without typing in a password. Now configure a new password; until you do, the root account has an empty password.
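The vi edit is the step most likely to go wrong, since deleting one colon too many leaves a malformed shadow file. The script below is an added example, not part of the original tutorial: it checks the edited file against a backup copy before you repack the archives. The backup name shadow.orig, the function names and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial): sanity-check an edited
# ESXi shadow file against a backup taken before the vi edit.
# Assumption: the backup was made with `cp etc/shadow shadow.orig`.

# verify_root_edit ORIG EDITED
# Succeeds only if the root hash field is empty, the other root fields are
# unchanged, the root line still has 9 fields, and no other line changed.
verify_root_edit() {
    awk -F: '
        NR == FNR { orig[FNR] = $0; n = FNR; next }   # first file: remember lines
        { m = FNR }
        $1 == "root" {
            if (NF != 9)  { print "root line has " NF " fields, expected 9"; bad = 1 }
            if ($2 != "") { print "root hash field is not empty"; bad = 1 }
            split(orig[FNR], o, ":")
            for (i = 1; i <= 9; i++)
                if (i != 2 && o[i] != $i) { print "root field " i " changed"; bad = 1 }
            seen = 1; next
        }
        $0 != orig[FNR] { print "line " FNR " (" $1 ") was modified"; bad = 1 }
        END {
            if (!seen)  { print "no root entry found"; bad = 1 }
            if (m != n) { print "line count changed: " n " -> " m; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample data (the hash is a placeholder, not a real one).
make_samples() {
    printf '%s\n' 'root:$6$SALT$CONSTRUCTEDHASH:13358:0:99999:7:::' \
                  'dcui:*:13358:0:99999:7:::' > "$1/shadow.orig"
    printf '%s\n' 'root::13358:0:99999:7:::' \
                  'dcui:*:13358:0:99999:7:::' > "$1/shadow.good"
    # One colon deleted by mistake: the fields shift and the line is malformed.
    printf '%s\n' 'root:13358:0:99999:7:::' \
                  'dcui:*:13358:0:99999:7:::' > "$1/shadow.bad"
}

d=$(mktemp -d)
make_samples "$d"
verify_root_edit "$d/shadow.orig" "$d/shadow.good" && echo "good edit: OK"
verify_root_edit "$d/shadow.orig" "$d/shadow.bad"  || echo "bad edit: rejected"
rm -rf "$d"
```

In the live session, run `verify_root_edit shadow.orig etc/shadow` from /temp after saving in vi and before the second batch of commands.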
Although this method is not officially supported by VMware, it works on various versions of ESXi. The reason is likely that VMware doesn't want you to modify ESXi installation files. But considering that all you are doing in this procedure is zeroing out a password hash, it is unlikely you will run into any issues.
Reubin is a Principal Technical Consultant at Ferroque and consults on Microsoft, VMware, Public Cloud (AWS, Azure), and Citrix infrastructure platforms with a specialized focus on FSLogix and AWS. Reubin’s specialization is digital workspace technologies with interests in scripting and web coding.