bahrialtay - Fotolia


How to change an ESXi password for vCenter

A forgotten ESXi root password can stop you in your tracks. Avoid dodgy quick fixes and learn the proper way to recover a root password for vCenter-connected and stand-alone hosts.

Everyone forgets a password once in a while. If you forget your ESXi root password, you can find many quick fixes online, but many of these options -- such as changing the bootbank files -- seem questionable at best. Fortunately, you can use better, less risky methods to change a forgotten root password.

If the affected host connects to vCenter, you can use Host Profiles to change the root password. If you have a standalone host, you must reinstall and reconfigure ESXi during the password reset process.

Change an ESXi root password for a vCenter server

  1. To prepare for a password reset, begin by migrating all VMs to alternate hosts as a belt-and-brace security measure.
  2. Set Distributed Resource Scheduler to manual and then open the vSphere Web Client for vCenter. In Active Directory, navigate to the Host Profiles icon.
  3. Next, select Extract Host Profile and choose the appropriate ESXi host.
Select a host to extract its profile.
Figure A. Locate the affected host from the Select Host menu to extract its profile settings.
  1. Choose an appropriate name and then advance to the final page; click the Finish It takes a few minutes for the Web Client to create the profile.
  2. Edit the finished profile to change the default password. This effectively applies it back to the problematic host.
  3. Open the Host Profile page and select the new profile. At the top of the page, click the Edit Host Profile Once you click through the first page, you'll see a tree of settings including Advanced Configuration Settings and General System Settings.
Edit the Host Profile to change settings.
Figure B. You can easily change the settings of your newly created Host Profile.
  1. Expand the Security and Services item group, then expand the Security Settings item group underneath that. Finally, expand the User Configuration item group and select root. To reset the password, select the password drop-down menu and select Fixed password configuration.
Set a new root password.
Figure C. Expand the Security and Services, Security Settings and User Configuration item groups until you reach root, and then change the root password.
  1. Choose a new password for the ESXi server. Enter it into the password field to confirm it and click Finish.
  2. This profile should apply the new password to the affected ESXi host. Next, select Attach/Detach Hosts and Clusters from the Actions drop-down menu. This action attaches and applies the profile to the affected host.
Attach and apply the new profile to the affected host.
Figure D. From the Actions drop-down menu, select Attach/Detach Hosts and Clusters to attach the new profile to the affected host.
  1. Continue to click through this menu. Select the appropriate ESXi host and click Finish to complete.
  2. Finally, navigate to the Hosts & VMs page. Select Remediate for the affected host. Remediation takes a few minutes, but once it's complete, you can open the host in your vSphere Client and log in with the root name and newly reset password.

Change an ESXi root password for a standalone host

The password reset process for a standalone host is more involved than for a vCenter-connected host. You must reinstall ESXi on top of the affected host, which removes all host configuration and network details and enables you to access VMs that might otherwise be lost.

  1. Start by booting from the ESXi installation media. Follow the installation prompts until the installer reaches the screen that asks you to select a disk to install or upgrade. Select the appropriate disk and press Enter.
  2. The installer should detect an installed ESXi setup and present several options. Select Install ESXi, preserve VMFS datastore.
ESXi installer prompt
Choose Install ESXi, preserve VMFS datastore from the list of VMware ESXi Installer options.
  1. The installer should then configure the ESXi installation. When the configuration finishes, the installer prompts you to reboot. You can log back into the server after the reboot, either directly or via your web interface.
  2. Next, configure network port groups and other components. Since the VMs remain available, you must also recreate the port groups and all associated configurations.
  3. After you recreate the port groups, reattach the network to the appropriate port group. At this point, reboot again.

If you use a standalone machine, consider using a second account and reserving the root account for emergencies.

Next Steps

Protect your Active Directory passwords using Enzoic.

Use the command line to backup and protect your ESXi hosts.

Dive deeper into VMware security.

Dig Deeper on VMware ESXi, vSphere and vCenter

Virtual Desktop
Data Center
Cloud Computing