Forgot vCenter Server Appliance root and SSO administrator password
Losing the SSO administrator password of vCenter Server Appliance (vCSA) is really bad. However, this password can be reset as long as you still have access to the appliance console, which requires the root password. If you also forgot that one, this is really, really, really bad - but this also happens sometimes in labs.
To reset the root password, the VM configuration needs to be altered so that it boots from a Linux ISO (mount the ISO at boot time, change the boot order or access the boot menu).
Once the Linux system has started, you will need to mount the third partition of the vCSA hard drive. Depending on the Linux distribution, device names might vary - so make sure to check the output of the lsscsi command before mounting:

    # lsscsi
    # mount /dev/sda3 /mnt
Afterwards, a copy of the file /etc/shadow is created - also, display the entry for root in this file:

    # cp /mnt/etc/shadow /mnt/etc/shadow.old
    # grep root /mnt/etc/shadow
    root:$6$cVgMY7af$XZSSEKvitiqwUaLFZ4QVKEQ1El/Fra2TUFDHDFk1O8eu4aMQo0WfYrA5tVe7OAB4d2z442OIYkqH5BhGV9Vtr.::0:99999:7:::
The marked word (cVgMY7af, between the second and third $ sign) is the salt of the password hash. Using the following Python command, a hash for a new password can be generated with this salt:

    $ python -c 'import crypt; print(crypt.crypt("MyPassword", "$6$SALT$"))'

In this example:

    $ python -c 'import crypt; print(crypt.crypt("MyPassword", "$6$cVgMY7af$"))'
    $6$cVgMY7af$3Yzu1Q6Wgl58hmxTtwO/N9INm5NWHRWEjKg7kRcwHYDpWcMPU935vaZSq6pq6DdT2pekU7rQ325vpZI1RIgNw.

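This line needs to be copied into the file /mnt/etc/shadow, where it replaces the old hash (the second field) of the root entry; the remaining fields stay unchanged.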
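The copy step can also be scripted so that only the hash field of the exact user is changed. The following is an added example, not part of the original post: the function names and the rootsvc entry are constructed for illustration, and on the rescue system the file argument would be the mounted /mnt/etc/shadow.

```shell
#!/bin/sh
# Added example: edit one shadow entry without touching the others.
# Function names are illustrative; the sample entries are constructed
# from the hashes shown in this post.

# Print the "$id$salt$" prefix of USER's hash (nothing if locked or absent).
shadow_prefix() {   # usage: shadow_prefix FILE USER
    awk -F: -v u="$2" '$1 == u && $2 ~ /^[$]/ {
        split($2, p, "[$]"); print "$" p[2] "$" p[3] "$" }' "$1"
}

# Replace only field 2 (the hash) of USER; all other fields stay as they are.
set_shadow_hash() { # usage: set_shadow_hash FILE USER NEWHASH
    file=$1; user=$2; new=$3
    # Accept only a crypt(3) string of the form $id$salt$hash.
    printf '%s\n' "$new" |
        grep -Eq '^\$[0-9a-z]+\$[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]+$' || return 2
    # Exact match on the user name; "grep root" would also hit e.g. "rootsvc".
    awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$file" || return 3
    tmp=$(mktemp) || return 1
    awk -F: -v OFS=: -v u="$user" -v h="$new" \
        '$1 == u { $2 = h } { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # overwrite in place: owner and mode are kept
    rm -f "$tmp"
}

# Demo on a constructed copy, never on the live file.
demo=$(mktemp)
cat > "$demo" <<'EOF'
root:$6$cVgMY7af$XZSSEKvitiqwUaLFZ4QVKEQ1El/Fra2TUFDHDFk1O8eu4aMQo0WfYrA5tVe7OAB4d2z442OIYkqH5BhGV9Vtr.::0:99999:7:::
rootsvc:!:17000:0:99999:7:::
EOF
NEW='$6$cVgMY7af$3Yzu1Q6Wgl58hmxTtwO/N9INm5NWHRWEjKg7kRcwHYDpWcMPU935vaZSq6pq6DdT2pekU7rQ325vpZI1RIgNw.'
shadow_prefix "$demo" root            # prints $6$cVgMY7af$
set_shadow_hash "$demo" root "$NEW" && grep '^root:' "$demo"
```
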
After rebooting the vCSA, access using SSH should be possible again. To reset the password for the SSO administrator, the following commands are sufficient if Platform Services Controller (PSC) is also part of the vCSA:

    Command> shell.set --enabled True
    Command> shell
     ---------- !!!! WARNING WARNING WARNING !!!! ----------
    ...
    my-vcsa:~ # /usr/lib/vmware-vmdir/bin/vdcadmintool

    ==================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    ==================

    3
     Please enter account UPN : firstname.lastname@example.org
    New password is -
    &/()32I'mDumb48730

Finally, you should change the password and make sure to store it somewhere safe, to avoid falling into this trap again...