VCENTER – HOW TO RESET PASSWORD IF LOST
########################################

I show you how to reset the root password which is used to connect to the vcenter web gui (the one you access like this https://vcenter:5480/). Also its used to access the console (notice the login button, that will bring up a user prompt, where one would put “root” for username and whatever for the password). The default password is “vmware”. If your password or “vmware” doesnt work chances are you forgot the password and/or its expired. I will show you how to recover the password and also how to set the expiration to NEVER!

LINKS
######

I present you some links in no particular order

http://www.thegeekstuff.com/2009/04/chage-linux-password-expiration-and-aging/
http://www.cyberciti.biz/tips/setting-off-password-aging-expiration.html
http://www.virtuallyghetto.com/2013/09/how-to-recover-vcsa-55-from-expired.html
http://www.cyberciti.biz/faq/understanding-etcshadow-file/
http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.vcenterhost.doc%2FGUID-A8071210-2F1C-447F-AFCD-A585D318F264.html
http://en.opensuse.org/SDB:Recover_root_password
https://communities.vmware.com/message/2263902

To download OpenSuse:
http://software.opensuse.org/131/en
Click on Rescue and select the 64 bit (or 32bit it doesnt matter)

INSTRUCTIONS
##############

1. Download Rescue CD for any Linux (it can be Knoppix, or Suse Linux)
NOTE: I downloaded the OpenSuse linux Recovery CD (64bit)
32 bit or 64 bit doesnt matter as we are just going to be editing files and not launching any programs

2. Launch vCenter with the CD (if your using a VM to launch your vCenter then you will need to edit the VM settings to connect the CD with the Recovery ISO)

3. Once your in open up a Terminal or Xterm and make sure to get root access

Either one works

4. Once in, check out your partitions. VMWARE puts its stuff usually on /dev/sda3

I see two items with 3rd partition, usually its sda3
sda3
sdb3

You should see root user and plenty of vmware type of user names
If you dont try the other 3rd partition disks (this should never happen though, im pretty positive vmware center main boot data is always on sda3)

5. Backup the shadow file

6. Lets make a test user with our current setup, so that we can copy the new users password in place of the vmware root password

Set the password to “vmware” (thats the default password for vcenter). We can change it later through the webgui of vcenter. (the webgui being https://vcenter:5480)

This user test123 didnt get created into the vmware environment (so dont worry), it was made into the recovery environment and it will disappear once we reboot (since recovery environments never save settings – unless persistent storage is given)

Imagine it looks like this:

NOTE: For you it will not say $6$hajksdfhklajsdhfkljasdf even if you use the same password as vmware (first off its always different, second of all I just made up that above password by smashing keys)

The format of every line in the shadow file is like this.

 

We just need the password part.

Anyhow Lets append that to the vmware shadow file

7. Lets edit the vmware shadow file

I will assume general knowledge of vim (like visual mode – with v key, navigation with arrow keys or with the hjkl keys, deleting a character with the x key)

Locate the line for username root and username test123 (test123 should be at the bottom)

Find the root user and delete its password so that it looks like this (maybe leave extra spaces in between there so that you can easily paste):

Notice the password is missing and we just put extra spaces

NOTE: with vi you can character at a time with the “x” key (when in vi normal, and not in insert mode)

Now locate the test123 string and lets copy its password portion out and put it in the spaces where the root users password should be:

Copy the password part, so in this case its:

The way I would copy it in vim/vi is like this:
In normal mode put the cursor on the first $ sign which is the first character of the password field, and click “v” (for visual mode), then press the right arrow key (or “l” key, thats a lower case L) a few times until your blinking cursor is sitting on the f (the last character of the password field). So you should see a big selection box (thats what visual mode is for, its for selecting stuff), so now copy it with the “y” key (which means yank).

Now using the arrow keys (or the hjkl keys of vim) scroll up to the root usernames password field (and put the cursor right where all of the spaces are – right in the middle of the spaces)

 

I put a dot where to put the cursor
Now press “p” to paste

The root line should now look like this

Now delete any of the extra spaces with “x” key so that it looks like this:

Now scroll down to the line that says test123, and press “d” twice so that the line is deleted. Now save and exit with “:wq!”

8. Now get out of the recovery rescue environment

That last command will power off the machine

9. Take out the recovery/rescue cd

10. Boot up to normal mode. Now you should be able to get in to the console and the webgui (if cant get to webgui but can to console follow step 11)

11. Setting up none expiring password (fixing WebGUI not accessible)

If you still cant get in via WebGUI (but you can login to the console), you should be able to get in via the console. So press Login on the console and login via your  (Just press ENTER when your at this screen):

Then log in with these credentials (remember at this point console login should work if it doesnt repeat all of the above steps, it the webgui that shouldnt work)

Most likely you werent able to login because of your expiration values being off (maybe you waited so long that the expiration date is before todays date). Lets fix this by removing expiration.

The program chage can be used for that, luckily vcenter has it.

First see what chage says about your user:

What we want is something like this:

Option1 – manually edit with vi

That or you can edit the last fields to say this:

 

16255 means that last password change was on July 4th 2014, it doesnt matter though it will never expire.

Option2 – use chage command line

Option3 – use chage interactive mode:

Without rebooting you should now be able to log in via webgui as well. After confirming, Reboot the box to confirm all is good and persists via reboot

Another Way to get none-expiring password
If you log in to the webgui and change the admin password to your choosing (from vmware), you can now set the password to expire in 99999 days or to never expire (it got the 99999 from our above steps)

So if we set it to not expire ever (not even in 99999 days, but in forever ever it wont expire).

It will then look like this after you set the root user (which is gracefulyl called admin user in the gui – even though we log in to the webgui with “root”)

 

So you can just set the Maximum password instead of 99999 to -1

Option1: “with vi”
So if you do it manually with vi, it will look like this:

Notice the 5tyh field is just empty

Option2: “with chage interactive more”

When asked for Max Password just set it to -1 and hit enter

Option3: “with chage none interactive (commandline)”
Or you can use the command line to set it like this

 

 

One thought on “VMWARE Vcenter Cant login – forgot root password – root password recovery and remove expiration

  1. This worked PERFECTLY for me. I deployed vCenter 6 using a password generated from KeePass, and then my machine crashed, KeePass didn’t save my password. But this walk through was spot on and now I’m back into my vCenter install. You probably saved me several hours worth of work so thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *