vSphere 5.x Tip To Toe: Reset ESXi root user password “Lost r00t o_0?”

Hello again my friends, this time I came across a customer who seemed to have completely blanked on the root password that he had set on his ESXi servers. As you may know, previously we were able to reboot into single user mode and do the magic there.

Because ESXi is locked down for security, that is sadly no longer possible. The method I will demonstrate below is not supported by VMware and is purely an out-of-the-box method that will lessen your pain as a VMware Administrator and bring that smile of control to your face :-P (Wish I could take a picture of every Administrator after I reset the root password ^_^).

Just a little briefing: the procedure below clears the password that has been set for the root account and reverts it to blank (no password at all). What we’re going to do is locate the disk where the “shadow” file is stored, mount it, edit the file, save it and finally wrap everything back up.

Tools:
You can use any live CD; my favorite distribution is Linux Mint (you can get it here). Here I am using version 14, the MATE edition. Also, if you don’t have much knowledge about Linux and using the shell, now would be a great time to start: after you’re done, you’ll know that you were not really using a computer before %).

Procedure:

After you burn the CD/DVD, boot the machine from it.

Now open the terminal (menu->terminal), then type “sudo su -”; this is how we gain superuser access when booting a live CD distro.


New installations of ESXi 5 no longer use MBR; they use GPT (GUID Partition Table) instead (check Partitioning in New ESXi 5.0 Installations). This means you can’t use fdisk to list the current disks. Instead we need to use a utility named gparted: just type gparted in the terminal and the utility will start.


Okay, I see the disks but which one to mount? Let me talk to you a bit about ESXi 5 partitioning:

1- sda1: used for booting up the system and pointing to the hypervisor image.
2- sda5: this is where ESXi is installed.
3- sda6: this has the identical size of sda5 and will store recovery images.
4- sda8: holds VMware Tools and other stuff including paravirtual scsi disk controller.
5- sda2: holds log files and vmkernel related files.
6- the sda partitions that are marked as unknown: yup, you’ve guessed it, they are VMFS volumes.

Now that we know the partition we need to mount is sda5, close gparted, return to the terminal and run the following commands:

1- Create the mount directory: mkdir /mnt/esxi_disk/
2- Mount the disk to the directory: mount /dev/sda5 /mnt/esxi_disk/

Now let’s verify what we’ve mounted. Type:

3- cd /mnt/esxi_disk
4- ls


From the files listed, what we need is state.tgz. This file contains another compressed archive named local.tgz, which has the /etc directory compressed in it. We need to un-archive both files so that we gain access to the shadow file. Type:

5- tar xzf state.tgz
6- tar xzf local.tgz
7- ls (here you will notice that the etc directory is now present)


Type:

8- cd etc
9- vi shadow (click here for the VI quick reference sheet)


The root password is the encrypted string found between the first two colons on the root line, in the form root:encrypted_password: so just delete all the characters found between those two colons, leaving both colons in place.


Save the file: press ESC, then Shift+: and type wq!

After we’ve saved the shadow file, we need to wrap the compressed archives back up. Type:

10- cd /mnt/esxi_disk
11- tar czf local.tgz etc
12- tar czf state.tgz local.tgz
13- rm -r local.tgz etc


And we’re done. Just type reboot, remove the live CD and wait for ESXi to boot. When you press F2, keep the password field blank and tada, you’re in ;-). Don’t forget to change the root password, and if your memory tends to fail you with passwords, put those passwords in an encrypted database somewhere.
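
The unpack, edit and re-pack steps above as a non-interactive script; this is an added example, not part of the original post. The function names, the separate backup directory and the sample archive (with a placeholder hash) are assumptions made for illustration, and GNU tar is assumed for the -O option.

```shell
#!/bin/sh
# Added example, not from the original post: steps 5-13 without the vi session.

# Print root's password field from etc/shadow nested inside state.tgz,
# streaming through both archives so nothing is unpacked to disk.
root_field() {  # $1 = path to a state.tgz
    tar -xzOf "$1" local.tgz | tar -xzOf - etc/shadow |
        awk -F: '$1 == "root" { print $2 }'
}

# Empty root's password field in <dir>/state.tgz after copying the
# untouched archive to <backup_dir> (hypothetical helper and argument names).
blank_root() {  # $1 = dir holding state.tgz, $2 = backup dir (absolute path)
    (
        cd "$1" || exit 1
        cp -p state.tgz "$2/state.tgz.orig" || exit 1
        work=$(mktemp -d) || exit 1
        tar -xzf state.tgz -C "$work" &&
            tar -xzf "$work/local.tgz" -C "$work" || exit 1
        # Same edit as the vi step: clear field 2 on the root line only.
        awk 'BEGIN { FS = OFS = ":" } $1 == "root" { $2 = "" } { print }' \
            "$work/etc/shadow" > "$work/shadow.new" &&
            cat "$work/shadow.new" > "$work/etc/shadow" || exit 1
        # Re-pack in the same order as steps 11 and 12.
        tar -czf "$work/local.tgz" -C "$work" etc &&
            tar -czf state.tgz -C "$work" local.tgz
        rc=$?
        rm -rf "$work"
        exit "$rc"
    )
}

# Build a constructed sample state.tgz (placeholder hash, not a real one).
make_sample() {  # $1 = existing empty directory
    mkdir -p "$1/etc" &&
        printf '%s\n' 'root:$6$CONSTRUCTED$placeholderhash:13358:0:99999:7:::' \
            'dcui:*:13358:0:99999:7:::' > "$1/etc/shadow" &&
        tar -czf "$1/local.tgz" -C "$1" etc &&
        tar -czf "$1/state.tgz" -C "$1" local.tgz &&
        rm -rf "$1/etc" "$1/local.tgz"
}
```

On the live CD, `blank_root /mnt/esxi_disk /root` stands in for steps 5 to 13, and an empty line from `root_field /mnt/esxi_disk/state.tgz` confirms the edit landed before you reboot.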

Abdullah^2


34 Thoughts on “vSphere 5.x Tip To Toe: Reset ESXi root user password “Lost r00t o_0?”

  1. Wonderful. Worked a treat. For some reason my cursor keys didn’t work in vi, but it was fixed using

    http://linuxblog.pansapiens.com/2007/10/31/fixing-the-arrow-keys-in-vim/

    Thanks!

  2. rellik on May 30, 2013 at 12:23 am said:

    Dude you saved my life, my boss was going to kick my @$$ if I didn’t get access to all of the vm’s on the server

  3. Bartje on June 3, 2013 at 1:03 pm said:

    Works great. Thanks.

  4. Oliver on June 12, 2013 at 11:26 am said:

    Awesome dude!!! sooper, really helped us in a critical situation, nice way of explanation and liked your article, All the best. :-)

  5. Nabil Basah on June 12, 2013 at 11:57 am said:

    Really good article.. Helped a lot and good explanation ..

  6. This makes me happier and happier that I was able to help :)

    (Abdullah)^2

    • Jerry LeClear on June 24, 2013 at 7:52 pm said:

      We tried it this morning and we can’t get it to connect to the ip address for the vsphere. Any thought?

      • Hi,

        Well denial of connection is not related to the reset of the root account’s password, are you able to ping the host?

        • Jerry LeClear on June 26, 2013 at 5:58 pm said:

          Thanks for the idea. We were using a test server before we did it on a live box. When doing this we overlooked that we had a laptop plugged in with the same static ip. After we unplugged the laptop restarted the network BOOM vSphere came up. We are going to go through it one more time before we do it live some evening this week. Thanks for your help.

  7. Ilkin on June 28, 2013 at 2:49 pm said:

    Thanks a lot!

  8. Felipe on July 2, 2013 at 4:23 pm said:

    Congrats, very useful.
    Helped me so much.
    Thanks for the post.

  9. Note that if you’re doing this procedure on vSphere 5.1 – you will need to perform all steps on both /dev/sda5 AND /dev/sda6!! Otherwise, the root password won’t get cleared out.

    • Thanks for your note, Steven. The root password did not get reset [ESXi 5.1.0] when only /dev/sda5 was modified. I was about to give up, but your note of also modifying /dev/sda6 saved my day. And, of course thanks to doOdzZZ, for the main tip.

  10. Laurent Saga on September 25, 2013 at 11:19 pm said:

    Very good article. Followed the step by step process, and solved the issue which was going on for two months.
    So wonderful. The consulting company was suggesting a complete reinstallation of the server. :)

    Note: Just a small mistyping on the command to verify mounted disk on step 3.

    cd /mnt/esxi_disk and not cd /mtn/esxi_disk

    Again thanks a lot.

  11. Great article, however I seem to have a bit of a problem getting the file to save. I even go back to check to see if the file has been changed, which it has. But after the reboot the password is still there? What could be the issue?

  12. Hello, I am thinking of applying this procedure on one of my ESXi servers; I don’t really know how I could lose the root password!!! Anyway, before doing this, I would like to know if there are many risks associated with this procedure… I mean, I know that the VMware KB said that you NEED to re-install your server, but this procedure looks very logical and makes me think that you probably won’t get an unstable system… Has anyone had problems with the ESXi server after applying the suggested method?? I would use this on the ESXi 5.1 U1 version.

    Thank you in advance.
    Greetings from Colombia.

    • Hello Hernan,

      Thank you for sharing your thoughts, I have done this with numerous customers and I didn’t have any issues afterwards. I suggest you would do it on a test box or on a test ESXi on VMware Workstation first, just that you’d know what you’re doing and what would the outcome be.

      Thank you once more,
      (Abdullah)^2.

  13. Pingback: Resetting root password on ESXi5.x | aquacastle

  14. Had to do the same procedure as Steven, but did it on a vSphere 4.x. Like him I had to perform all steps for sda5 and sda6.

  15. Charles on December 7, 2013 at 9:55 pm said:

    Was moving along swimmingly until tar xzf local.tgz, then got etc/random-seed cannot set to rw—–.

    Not a linux person so backed out until I find some answers

  16. I can’t believe I was dumb enough to forget my password… :-(

    And when “upgrading” to ESXi 5.5, and “reinstalling” didn’t clear the password I thought I was sunk. So one more Google search and I found your blog. Worked like a champ! I really appreciate the tutorial.

    Thanks so much!

  17. InDIreNeedofHelp! on March 29, 2014 at 8:11 am said:

    After going through this process and booting up the ESX host, how do you ensure that your guest VMs on the host power up? Do they “remember” their state and come back up automatically? Or would you need to power them on manually?

    • Hello, yes your VMFS datastore will still be intact and if you mean that you have your virtual machines set to automatic startup then yes they will start normally without any issues.

      • InDireNeedofHelp! on April 1, 2014 at 2:09 am said:

        So when we tried this on our test ESXi 5.1 host, everything seemed to work and the password was wiped / reset successfully. However, when trying to access the host from VSphere client, we now get an error message: vSphere Client could not connect to “ip address”. An unknown connection error occurred. (The server could not interpret the client’s request. (The remote server returned an error: (503) Server Unavailable.))

        Help!

        • Hello,

          The error which you’ve mentioned is related to network connectivity and not to the ESXi root account reset, are you sure of the host’s network configuration?
