
VMware vCenter Server Appliance 5.5 and 6.0 root account locked out after password expiration (2069041)



  • Unable to log in to the root account for the VMware vCenter Server Appliance.
  • The root account for the vCenter Server Appliance is locked.


To unlock a locked root account, reboot the vCenter Server appliance and modify the kernel option in the GRUB bootloader to obtain a root shell.


The vCenter Server Appliance 5.5 and 6.0 releases enforce local account password expiration after 90 days by default. This policy locks out the root account when the password expiration date is reached.


This behavior affects vCenter Server Appliance 5.5 and 6.0.

Note: As of vCenter Server appliance 5.5 Update 1, the password will expire after 90 days. After that time, the user will be able to log in through the console to change the password for the expired user.

Unlocking a locked out root account

If the root account is not accessible through the console, the secure shell, and the Virtual Appliance Management Interface (VAMI) (vCenter Server Appliance 5.5 and 6.0 Update 1), the root account has been inactivated due to password expiration. To reactivate the root account, the vCenter Server appliance must be rebooted and the kernel option modified in the GRUB bootloader to obtain a root shell.

To reactivate the root account:
  1. Reboot the vCenter Server appliance using the vSphere Client.
  2. When the GRUB bootloader appears, press the spacebar to disable autoboot.

    Note: If the time between when you power on the virtual machine and when it exits the BIOS or EFI and launches the guest operating system is too short, you can adjust the delay. For more information, see the Delay the Boot Sequence in the vSphere Client section in the VMware vSphere 5.5 Single Host Management Guide.

  3. Type p to access the appliance boot options.
  4. Enter the GRUB password.

    • If the vCenter Server appliance was deployed without editing the root password in the Virtual Appliance Management Interface (VAMI), the default GRUB password is vmware.
    • If the vCenter Server appliance root password was reset using the VAMI, then the GRUB password is the password last set in the VAMI for the root account.

  5. Use the arrow keys to highlight VMware vCenter Server Appliance and type e to edit the boot commands.

  6. Scroll to the second line displaying the kernel boot parameters.

  7. Type e to edit the boot command.
  8. Append init=/bin/bash to the kernel boot options.

  9. Press Enter. The GRUB menu reappears.
  10. Type b to start the boot process. The system boots to a shell.
  11. Reset the root password by running the passwd root command.
  12. Restart the appliance by running the reboot command.

    Note: If restarting the appliance with the reboot command fails, run these commands:

    mkfifo /dev/initctl
    reboot -f

Important: To prevent future root account lockout and retain password expiration functionality, see How to prevent forced lockout when the root account is still active (2147043).

Note: If the root account has been locked for a long time, the cause might be a lack of free space in / due to growth of the message log.

Additional Information

The vCSA allows you to establish your own password expiration and warning email policies by using the Admin tab of the Virtual Appliance Management Interface (VAMI).

Email addresses configured in the Admin tab in the VAMI (https://IP_address:5480 or https://VAMI_host_name:5480) receive email notifications each day for seven days prior to password expiration. The email settings, such as relay SMTP server, are configured through the vSphere Client in the vCenter Server mail settings.
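
To catch an approaching expiration independently of the email notifications, the password aging fields can be checked from a shell. The script below is an added example, not VMware's code: it assumes the appliance stores root's aging data in the standard Linux /etc/shadow format, and the function names, the sample entry and the 7-day warning threshold passed as an argument are constructed for illustration.

```shell
#!/bin/sh
# Added example: report password expiry state from a shadow(5) entry.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire
# (lastchg is counted in days since 1970-01-01).

# days_left SHADOW_LINE TODAY_DAYS -> days until expiry, or "never"
days_left() {
    line=$1 today=$2
    lastchg=$(printf '%s\n' "$line" | cut -d: -f3)
    max=$(printf '%s\n' "$line" | cut -d: -f5)
    # An empty or 99999 maximum age means aging is disabled.
    if [ -z "$max" ] || [ -z "$lastchg" ] || [ "$max" -ge 99999 ]; then
        echo never
        return 0
    fi
    # lastchg=0 forces a password change at the next login.
    if [ "$lastchg" -eq 0 ]; then echo 0; return 0; fi
    echo $(( lastchg + max - today ))
}

# expiry_status SHADOW_LINE TODAY_DAYS WARN_DAYS -> OK | WARN | EXPIRED
# Zero days left is reported as EXPIRED (conservative choice).
expiry_status() {
    left=$(days_left "$1" "$2")
    if [ "$left" = never ]; then echo OK
    elif [ "$left" -le 0 ]; then echo EXPIRED
    elif [ "$left" -le "$3" ]; then echo WARN
    else echo OK; fi
}

# Constructed sample entry (not from a real system):
# password changed on day 16700, maximum age 90 days.
SAMPLE='root:$6$constructed$hash:16700:0:90:7:::'

# Live check, only when invoked with "live" (reading /etc/shadow needs root).
# Also prints / usage, since a full / can keep the account locked.
if [ "${1:-}" = live ]; then
    today=$(( $(date +%s) / 86400 ))
    entry=$(grep '^root:' /etc/shadow)
    echo "root: $(expiry_status "$entry" "$today" 7)," \
         "$(days_left "$entry" "$today") days left"
    df -P / | awk 'NR==2 {print "/ usage: " $5}'
fi
```
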



Update History

11/17/2015 - Added vCenter Server Appliance 6.0
