VMware Cloud Community
beval
Contributor
Contributor

Lost vCenter root password

Hi all,

our vadp backup stopped working and I can't log to vSphere console as an vadp user. So I thing there is something wrong with a password of the vadp user. But I found I forgot my root password to vCenter Server Appliance 5.1 (built on Linux). Is there any chance to change it?

Thanks for any ideas.

Pavel

18 Replies
JoaoCastro
Enthusiast
Enthusiast

The Vmware appliances are Suse linux based, so you can try one this methods below to reset your root password:

Link:

SDB:Recover root password - openSUSE

regards,

Joao Castro

JagadeeshDev
Hot Shot
Hot Shot

To reset the root user password in the vCenter

  1. Boot the virtual appliance and navigate to the console for the virtual machine in the vSphere Client.
  2. Click in the console and press any key to display the GRUB menu.

    Note: The GRUB prompt remains on screen for 7 seconds before it starts the boot sequence.

  3. On the GRUB menu, select SUSE Linux Enterprise Server for VMware.
  4. Type e to edit the line. A list of items in the GRUB configuration file appears.
  5. Select the line that starts with kernel and type e to edit the line.
  6. At the end of the line, press the spacebar and type init=/bin/sh.
  7. Press Enter to exit edit mode.
  8. On the GRUB screen, type b to boot into single-user mode.
    The virtual appliance boots in single-user mode.
  9. To change the root user password, type passwd root and follow the on-screen prompts.
  10. To restart the virtual appliance, type reboot and press Enter.

When the virtual appliance restarts, you can log in using the new password.

http://www.myitblog.in/
beval
Contributor
Contributor

I have read the procedure. There is a problem with a password I'm asked when I try open the GRUB menu. There is also no "SUSE Linux Enterprise Server for VMware" but only "VMware vCenter Server Appliance" as the first option and "Failsave -- VMware vCenter Server Appliance" as the second. I can select one of the options or press "p" to enter a password to unlock the next set of features.

Reply
0 Kudos
beval
Contributor
Contributor

Hi, I tried both options: boot with rescue CD and Single User option also.

First option with rescue CD failed when I tried mount /dev/sd* with command:

mount -o remount,rw /dev/sdb2 /mnt/

error message is:

mount: /mnt not mounted or bad option

IfI use ls /dev/sd* I can see:

/dev/sda     /dev/sda2     /dev/sdb     /dev/sdb2

/dev/sda1     /dev/sda3     /dev/sdb1     /dev/sdb3

No /dev/hda* is presented.

Second option using the Single User mode failed because there is a password locked GRUB. I don't know this password. The only option I can see in the GRUB boot menu is to enter a password for more options.

Reply
0 Kudos
LakshmikanthPan
Enthusiast
Enthusiast

Hi,

If you are still looking for a solution ..Can u paste output of following commands after you boot from the Rescue CD

df -h

fdisk -l

dmesg |grep sd

Probably sdb2 is not the root filesystem.

Are you sure you are using the OpenSUSE install CD as the Rescue CD ?

-LP

Reply
0 Kudos
beval
Contributor
Contributor

Hi,

I finally found the solution with VMware support.

Solution:

  1. Follow the manual http://en.opensuse.org/SDB:Recover_root_password:
    1. Boot from SuSE Install CD/DVD:
    2. select Recovery
    3. log on as root without password
    4. fdisk -l to detect a system partition
    5. mount /dev/sda3 /mnt (where /dev/sda3 is the system partition) to mount
  2. Reset the root password
    1. do a backup of a shadow file with passwords: cp /mnt/etc/shadow /mnt/etc/shadow-bak
    2. edit the shadow file: vi /mnt/etc/shadow (see Understanding /etc/shadow file)
    3. DO NOT delete passwords, you can't log on with no password
    4. I fortunately have created one other user with a password I know. I copied a hashed form of the password from this user to root. Maybe there is another way to get a hashed form of some word and put it to root if you don't have other user created with a known password.
    5. I can log on as root after reboot.

Thanks to all. Pavel

IndraPutu
Contributor
Contributor

i was able to reset the root password based on your steps, thanks Smiley Happy

Reply
0 Kudos
smolz
Contributor
Contributor

JD wrote:

To reset the root user password in the vCenter

  1. Boot the virtual appliance and navigate to the console for the virtual machine in the vSphere Client.
  2. Click in the console and press any key to display the GRUB menu.

    Note: The GRUB prompt remains on screen for 7 seconds before it starts the boot sequence.

  3. On the GRUB menu, select SUSE Linux Enterprise Server for VMware.
  4. Type e to edit the line. A list of items in the GRUB configuration file appears.
  5. Select the line that starts with kernel and type e to edit the line.
  6. At the end of the line, press the spacebar and type init=/bin/sh.
  7. Press Enter to exit edit mode.
  8. On the GRUB screen, type b to boot into single-user mode.
    The virtual appliance boots in single-user mode.
  9. To change the root user password, type passwd root and follow the on-screen prompts.
  10. To restart the virtual appliance, type reboot and press Enter.

When the virtual appliance restarts, you can log in using the new password.

This method does actually work quite well.  Instead of " On the GRUB menu, select SUSE Linux Enterprise Server for VMware" just choose the second option "Failsafe" then continue from step 4.  Just did this on a vCenter 5.5.0.5101 appliance.

speeddensity
Contributor
Contributor

You might need to press "p" at step 4 and enter "vmware" as the password to allow you to then perform the edit.

Ive just done this now...

Reply
0 Kudos
sigma222
Contributor
Contributor

Thank you. Worked like a charm for me.

Reply
0 Kudos
itsolution
Contributor
Contributor

I believe this is "best practice".

kb.vmware.com/kb/2069041

Reply
0 Kudos
JRHelgeson
Contributor
Contributor

Pavel,

Thank you for this post. It was exactly what I needed. However, rather than modify the shadow file using vi, I noticed that there was a "shadow.old" file that was created by the vSphere installer.  I simply renamed my shadow file and copied the shadow.old to shadow.

  1. Follow Solution steps 1 below
  2. Reset the root password
    1. view the contents of the directory: ls -l /mnt/etc/shadow*
      1. I saw "shadow" and "shadow-old", the latter had a date stamp of around the original install date.
      2. I compared the contents of each cat /mnt/etc/shadow and cat /mnt/etc/shadow-old doing a 'stare and compare' and seeing that the only difference was the hash value for the user 'root'.
    2. Rename shadow to shadow.bak: mv /mnt/etc/shadow /mnt/etc/shadow-bak
    3. Copy shadow-old to shadow: cp /mnt/etc/shadow-old /mnt/etc/shadow
    4. Verify: ls -l /mnt/etc/shadow*
      1. You should see shadow, shadow-old, shadow-bak - and possibly others - but you MUST have 'shadow' file, otherwise you're in a world of hurt.
    5. Reboot - I was then able to login as root | vmware

Hi,

I finally found the solution with VMware support.

Solution:

  1. Follow the manual http://en.opensuse.org/SDB:Recover_root_password:
    1. Boot from SuSE Install CD/DVD:
    2. select Recovery
    3. log on as root without password
    4. fdisk -l to detect a system partition
    5. mount /dev/sda3 /mnt (where /dev/sda3 is the system partition) to mount
  2. Reset the root password
    1. do a backup of a shadow file with passwords: cp /mnt/etc/shadow /mnt/etc/shadow-bak
    2. edit the shadow file: vi /mnt/etc/shadow (see Understanding /etc/shadow file)
    3. DO NOT delete passwords, you can't log on with no password
    4. I fortunately have created one other user with a password I know. I copied a hashed form of the password from this user to root. Maybe there is another way to get a hashed form of some word and put it to root if you don't have other user created with a known password.
    5. I can log on as root after reboot.

Thanks to all. Pavel

Reply
0 Kudos
eRJe
Contributor
Contributor

Thanks for your remark! After spending half a morning trying to reset the password according to the "official" procedure, I finally succeeded by choosing fail-safe mode instead of the normal mode.

Reply
0 Kudos
rev22
Contributor
Contributor

Thank you - these posts were quite helpful. Although in my situation, the use of shadow.old did not work. A "stare and compare" of all shadow files had the root password string the same. A 'cat' of the shadow.YaST2save file showed there was no password string for root. After seeing this and having few options, I ended up blanking the password string for root in the live ‘shadow’ file then upon reboot there was a message on DCUI main screen stating the root password needed reset. I chose F2 to login to the DCUI and I was prompted to set a new password. So I set a new one, it was accepted and it logged me in. This was on a VCSA 6.0 appliance. I thought this was an interesting twist that I didn't see in any research so I thought I would enter it here.

Reply
0 Kudos
murali4y2k
Contributor
Contributor

Reboot the vCenter Server appliance using the vSphere Client.

When the GRUB bootloader appears, press the spacebar to disable autoboot.

Note: If the time between when you power on the virtual machine and when it exits the BIOS or EFI and launches the guest operating system is too short, you can adjust the delay. For more information, see Delay the Boot Sequence in the VMware vSphere 5.5 Documentation guide.

2069041_1.png

Type p to access the appliance boot options.

Enter the GRUB password.

Note:

    If the vCenter Server 5.5 appliance was deployed without editing the root password in the Virtual Appliance Management Interface (VAMI), the default GRUB password is vmware.

    If the vCenter Server 5.5 appliance root password was reset using the VAMI, then the GRUB password is the password last set in the VAMI for the root account.

Use the arrow keys to highlight VMware vCenter Server Appliance and type e to edit the boot commands.

2069041_7.png

Scroll to the second line displaying the kernel boot parameters.

2069041_2.png

Type e to edit the boot command.

Append init=/bin/bash to the kernel boot options.

2069041_3.png

Press Enter. The GRUB menu reappears.

Type b to start the boot process. The system boots to a shell.

Reset the root password by running the passwd root command.

Restart the appliance by running the reboot command.

Reply
0 Kudos
bkcsfi
Contributor
Contributor

Unfortunately I lost root password to VCA 6.0.0 and also could not unlock grub because the password was unknown.

my solution was to boot ubuntu 15-server iso image, choose rescue a broken system and eventually mount /dev/sda3 as root

after getting a shell I just used the passwd command to reset  the password, I did not have to edit shadow file..

Reply
0 Kudos
MallocArray1
Contributor
Contributor

Solution:

  1. Follow the manual http://en.opensuse.org/SDB:Recover_root_password:
    1. Boot from SuSE Install CD/DVD:
    2. select Recovery
    3. log on as root without password
    4. fdisk -l to detect a system partition
    5. mount /dev/sda3 /mnt (where /dev/sda3 is the system partition) to mount
  2. Reset the root password
    1. do a backup of a shadow file with passwords: cp /mnt/etc/shadow /mnt/etc/shadow-bak
    2. edit the shadow file: vi /mnt/etc/shadow (see Understanding /etc/shadow file)
    3. DO NOT delete passwords, you can't log on with no password
    4. I fortunately have created one other user with a password I know. I copied a hashed form of the password from this user to root. Maybe there is another way to get a hashed form of some word and put it to root if you don't have other user created with a known password.
    5. I can log on as root after reboot.

This helped me. I used an Ubuntu workstation CD and booted to a live environment. I then opened a terminal and started at step 1.4, making sure to put "sudo" in front of each command.

I didn't have a password hash I knew, so I had to make one up using this as a guide

http://unix.stackexchange.com/questions/76313/change-password-of-a-user-in-etc-shadow

sudo apt-get install whois (needed for my distro)

I could then use mkpasswd with an option for a MD5 version. I don't recall the exact option I had to include, but mkpasswd --help showed it to me

I then typed in my desired password and it outputted the encrypted version. I copied it, and then used nano instead of vi on step 2.2

sudo nano /mnt/etc/shadow

I deleted everything between the : where the password was on the line for root and pasted in my new one.

CTRL+X to save and exit, a reboot and I was back in business.

Reply
0 Kudos
sathyay2k
Contributor
Contributor

Please find the below link to recover the grub and root password from the vcenter server appliance.

How to break GRUB / Recover Root password on VCSA 6.0 ? - UnixArena

Reply
0 Kudos