This article provides steps to reset the root password of vCenter Server Appliance 6.0.

For similar issues see:

• Error "Appliance (OS) root password is expired " while upgrading vCenter Server Appliance 6.5 or 6.7
• How to reset the lost or forgotten root password in vCenter Server Appliance 6.7 U1 and later
• Unable to log in to the vCenter Server Appliance shell using root account even after password reset

Symptoms:

• The root account password of VMware vCenter Server Appliance fails
• The root account of the vCenter Server Appliance 6.0 is locked

VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 5.5.x

Note: If the root account is not accessible through the console like secure shell and the Virtual Appliance Management Interface (VAMI) (vCenter Server Appliance 6.0 Update 1) then that indicates that the root account is inactivated due to password expiration.

Reactivate Account and Modify Kernel option in GRUB:

1. Reboot the vCenter Server appliance using the vSphere Client.
2. When the GRUB bootloader appears, press the spacebar to disable autoboot.
   
   Note: After powering on, the virtual machines takes only a short time to exits the BIOS/EFI and to launch the guest operating system. You can adjust the boot delay or force the virtual machine to enter BIOS or EFI setup screen after power on. For more information, see the Delay the Boot Sequence in the vSphere Client section in the VMware vSphere 5.5 Single Host Management Guide.
    
3. Type p to access the appliance boot options.
4. Enter the GRUB password.
   
   Note:
   • If the vCenter Server appliance is deployed without editing the root password in the Virtual Appliance Management Interface (VAMI), the default GRUB password is vmware.
   • If the vCenter Server appliance root password is reset using the VAMI, the GRUB password is the password last set in the VAMI for the root account.
5. Use the arrow keys to highlight VMware vCenter Server Appliance and type e to edit the boot commands.
   
   
6. Scroll to the second line displaying the kernel boot parameters.
   
   
7. Type e to edit the boot command.
8. Append init=/bin/bash to the kernel boot options.
   
   
9. Press Enter. The GRUB menu reappears.
10. Type b to start the boot process. The system boots to a shell.
11. Reset the root password by running the passwd root command.
12. Restart the appliance by running reboot command.
    
    Note: If you cannot restart the appliance by running reboot command, then run these commands:
    
    mkfifo /dev/initctl
    reboot -f

13. In order to prevent this issue from happening again in the future, you could set the root password to never expire at the VAMI page or by running this command: chage -I -1 -m 0 -M 99999 -E -1 root
14. Verify the root account password expiry settings have been changed using the following command:  chage -l root

Important: To prevent future root account lock out and retain password expiration functionality, see How to prevent forced lockout when the root account is still active (2147043).
 

Note: If the root account is locked for long time, it might be due to no space in / because of growth in message log, or audit log. Both messages log and audit log can be safely deleted and VCSA rebooted to clear the space needed for password reset.

Message log: /var/log/messages

Audit log: /var/log/audit/audit.log

VMware Skyline Health Diagnostics for vSphere - FAQ

In vCenter Server Appliance you can establish your own password expiration days and warning email policies under the Admin tab of the Virtual Appliance Management Interface (VAMI).

vSphere 6.0 VAMI - Option is under Administration



Email addresses configured in the Admin tab in the VAMI (https://IP_address:5480 or https://VAMI_host_name:5480) receive email notifications each day for seven days prior to password expiration. The email settings, such as relay SMTP server, are configured through the vSphere Client in the vCenter Server mail settings.

Unable to log in to the vCenter Server Appliance shell using root account even after password reset