VMware Cloud Community
Alceryes
Enthusiast
Enthusiast
‎07-22-2014 10:13 AM
Jump to solution

Getting host root access from vCenter (somehow)

I've got 2 hosts that I am able to access through vCenter (domain admin creds). However, we were never given the root password (or any password) to the local hosts. Now I am tasked with gaining root access to these hosts. They are production hosts so I can't reboot them on a whim but can schedule a reboot if it will definitely get me access. Also, the hosts are a few states away so I don't have console access (yet).

Any suggestions?

1 Solution

Accepted Solutions
a_p_
Leadership
Leadership
‎07-23-2014 10:59 AM
Jump to solution

I can think of two methods which may work. The first one depends on your licenses, i.e. requires Enterprise Plus licensing. In this case you can set the password using Host Profiles (see e.g. http://www.vladan.fr/how-to-reset-esxi-5-x-root-password-and-under-which-conditions/). The second method - I never used this myself - is to change the hosts to AD authentication (which you already did), create an AD group "ESX Admins" with the entitled AD users, and then login to the host using the AD user account to change the root password. You may need to wait for a few minutes for the ESXi host to pick up the AD group members.

André

View solution in original post

5 Replies
ramprabhusekar
Contributor
Contributor
‎07-22-2014 12:23 PM
Jump to solution

Hi

Domain admin id will not work as root. 

The only option you can add your id with root permission which requires root credentials.  But once you done you can use your id as root.

0 Kudos
Alceryes
Enthusiast
Enthusiast
‎07-23-2014 09:23 AM
Jump to solution

Thx ramprabhusekar.

I don't have root access to either of the hosts. I don't even have vSphere Client access directly to the hosts. Are you saying I would need that in order to assign root permissions to a different user? Is there anything I can do in vCenter to gain local access? I tried changing authentication from local to AD and give administrator access to a user but I get a "You do not have permission to log in to the server..." error.

Any ideas or other thing to try?

0 Kudos
a_p_
Leadership
Leadership
‎07-23-2014 10:59 AM
Jump to solution

I can think of two methods which may work. The first one depends on your licenses, i.e. requires Enterprise Plus licensing. In this case you can set the password using Host Profiles (see e.g. http://www.vladan.fr/how-to-reset-esxi-5-x-root-password-and-under-which-conditions/). The second method - I never used this myself - is to change the hosts to AD authentication (which you already did), create an AD group "ESX Admins" with the entitled AD users, and then login to the host using the AD user account to change the root password. You may need to wait for a few minutes for the ESXi host to pick up the AD group members.

André

Alceryes
Enthusiast
Enthusiast
‎07-23-2014 11:22 AM
Jump to solution

Thx André!

We don't have Enterprise Plus so that's out. We'll try the ESX Admins group to see if that works. Is this because there's a built in 'ESX Admins' group in ESX hosts?

I'll let you know how it goes...

André - The 'ESX Admin' group worked! Thanks a million!

0 Kudos
a_p_
Leadership
Leadership
‎07-23-2014 11:26 AM
Jump to solution

Yes, "ESX Admins" is a default group name.

André

0 Kudos