VMware Cloud Community
mbartle
Enthusiast

Can't change root password on ESXi 6.7

The only KB I could find about this refers to the password not being complex enough.  The password meets all the criteria.  The passwd command doesn't even let me enter the password, it throws this error.  I also tried from the web client, same issue.  Any idea how to fix this?

[root@xxxx-esxi00:~] passwd
Changing password for root
passwd: Authentication token manipulation error
passwd:
[root@xxxx-esxi00:~]

5 Replies
scott28tt
VMware Employee

Full process: https://kb.vmware.com/s/article/1004659

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
e_espinel
Virtuoso

Hello.
The info in this link may help you.

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcenterhost.doc/GUID-730BC171-4BED-...

 

 

Enrique Espinel
Senior Technical Support on IBM, Lenovo, Veeam Backup and VMware vSphere.
VSP-SV, VTSP-SV, VTSP-HCI, VTSP
Please mark my comment as Correct Answer or assign Kudos if my answer was helpful to you, Thank you.
mbartle
Enthusiast

This doesn't work. I am SSH'd in as root.

I tried issuing the command passwd and specifying the root account, yet it still gives this error. Doesn't even give me a chance to enter the new password.

passwd root
Changing password for root
passwd: Authentication token manipulation error
passwd:

e_espinel
Virtuoso

Hello.
Try another way:

Log in to the DCUI (to enable the ESXi Shell if not already done):

    Log in with root and the correct password.

    Go to Troubleshooting Options.

    Select Enable ESXi Shell.

Press CTRL+ALT+F1.
At the ESXi shell, log in with root and the password.
Run the following command to show the number of failed attempts:

 pam_tally2 --user root

Post your result.
If you succeed in logging in, you can also try to change the password.
You should get something like this:

[Screenshot: e_espinel_0-1636740965743.png]

In ESXi 6.5 and later, the default password compliance requires that a mix of characters from four character classes be used when creating a password.

The character classes are:

    Lowercase letters

    Uppercase letters

    Numbers

    Special characters (e.g. _ or -)

 

 

mbartle
Enthusiast

Fixed the issue.  There was an entire line missing from /etc/pam.d/passwd.  No idea how that happened (this is an ESXi built into a Dell IDPA solution I was trying to change the password on).

EMC support helped me.  We had to add this and then I was able to change the root password right away

# Change only through host advanced option "Security.PasswordQualityControl".
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7

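The fix in the last post was restoring the pam_passwdqc.so line in /etc/pam.d/passwd. As an added example (not part of the thread and not VMware or Dell/EMC code), this POSIX sh script checks whether a PAM file still has that line active. The function names and the sample files written by `demo` are constructed for illustration, and `awk` and `mktemp` are assumed to be available.

```shell
#!/bin/sh
# Added example: confirm a PAM passwd service file still has an active
# pam_passwdqc.so line in its password stack.

# Print the first non-comment "password" line that loads pam_passwdqc.so;
# exit status 1 when no such line exists.
passwdqc_line() {
    awk '$1 == "password" && /pam_passwdqc\.so/ { print; found = 1; exit }
         END { exit !found }' "$1"
}

# Print the min= option of that line (prints nothing if absent).
passwdqc_min() {
    passwdqc_line "$1" | awk '{ for (i = 1; i <= NF; i++)
        if ($i ~ /^min=/) { print substr($i, 5); exit } }'
}

# Return 0 if the line is present, 1 if missing, 2 if the file is unreadable.
check_pam_passwd() {
    [ -r "$1" ] || { echo "UNREADABLE: $1"; return 2; }
    if passwdqc_line "$1" >/dev/null; then
        echo "OK: $1 min=$(passwdqc_min "$1")"
    else
        echo "MISSING: no active pam_passwdqc.so password line in $1"
        return 1
    fi
}

# Demo on constructed sample files: one with the line quoted in the thread,
# one where only the comment survives.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' \
        '# Change only through host advanced option "Security.PasswordQualityControl".' \
        'password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7' \
        > "$dir/intact"
    printf '%s\n' '# Change only through host advanced option "Security.PasswordQualityControl".' \
        > "$dir/broken"
    rc_intact=0; check_pam_passwd "$dir/intact" || rc_intact=$?
    rc_broken=0; check_pam_passwd "$dir/broken" || rc_broken=$?
    rm -rf "$dir"
    [ "$rc_intact" -eq 0 ] && [ "$rc_broken" -eq 1 ]
}

# Usage: sh check.sh /etc/pam.d/passwd   (or: sh check.sh --demo)
case "${1:-}" in
    --demo) demo ;;
    ?*) check_pam_passwd "$1" ;;
esac
```

A commented-out copy of the line counts as missing, because only lines whose first field is `password` are matched.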