book
Article ID: 321369
calendar_today
Updated On:
Issue/Introduction
This article provides steps to reset the root password if you have lost or forgotten the existing root password for a VCSA 6.7U1 and later.
Symptoms:
- Logging in to the root account of vCenter Server Appliance (VCSA) fails.
- The root account of the vCenter Server Appliance 6.7 U1 and later is locked or account is expired.
- Forgot the root password.
Environment
VMware vCenter Server 7.0.x
VMware vCenter Server Appliance 6.7.x
Cause
With the change within VCSA 6.7 U1, the SSO user who is part of SystemConfiguration.BashShellAdministrator group will be able to log in to Bash shell and can call any commands using sudo and without password. This aims at reducing the gap between the root and SSO administrator user. The user has to enable shell to log in to the bash shell. By default, the user will be logged into appliance shell.
Additional Information
For 7.0U1 and 6.7P03 there are a few changes:
- The root user will be prompted for resetting the password when they try to SSH to the machine if expired or expiring.
- You can also log in to VAMI using SSO administrator and reset the root password from there.
- Email notification is sent earlier to prevent from having the root password expired.
- An alarm will be triggered in vsphere-ui to notify the user about the password expiry.