Solved: Can't reset VCSA 6.7 root password

mrmicp · ‎08-20-2020

Hi,

So I can't access the VCSA using root as the password says it's incorrect. This seems to have happened after the upgrade from 6.5 - 6.7 but I really thought I had the right password but I'm willing to accept that there may have been a mistype when upgrading. Anyway I looked on line and there is a simple procedure to rest the root password by restarting VCSA, pressing "E" on the Photon splash screen then editing the GNU GRUB menu. All goes smoothly, confirms new password has been accepted but when I reboot it won't accept the password? I've tried this quite a few times each time choosing a different password but for some reason it just doesn't seem to work.

Should maybe say I'm running vCenter HA if that makes a difference?

Thanks

Lalegre · ‎08-20-2020

Hey mrmicp

Try to use the procedure that was pointed before my answer and if that does not work please try to login from the Bash inside vCenter to see if exactly the same happens. If your account i locked out you can again restart vCenter, log in the GRUB and run the next command: pam_tally2 --user=root --reset

Also something additional that is useful just for you to know is that since vSphere 6.7 you can login to VAMI and even to vCenter using SSH with SSO-Domain users. The only thing needed is to add the users you want inside the next group: SystemConfiguration.BashShellAdministrators. And by the way you can also add groups there.

View solution in original post

ashilkrishnan · ‎08-20-2020

Hi

Please check if this helps - VMware Knowledge Base

Lalegre · ‎08-20-2020

Hey mrmicp

Try to use the procedure that was pointed before my answer and if that does not work please try to login from the Bash inside vCenter to see if exactly the same happens. If your account i locked out you can again restart vCenter, log in the GRUB and run the next command: pam_tally2 --user=root --reset

Also something additional that is useful just for you to know is that since vSphere 6.7 you can login to VAMI and even to vCenter using SSH with SSO-Domain users. The only thing needed is to add the users you want inside the next group: SystemConfiguration.BashShellAdministrators. And by the way you can also add groups there.

mrmicp · ‎08-20-2020

Hi,

Thanks for the replies.

@ashilkrishnan I followed the vmware knowledge base article, but my config appears to be slightly different instead of root:x:0:0:root:/root:/bin/bash mien read root:x:0:0:root:/root:/bin/appliancesh which I believe is correct so I left it.

@Lalegre So I added my AD account to SystemConfiguration.BashShellAdministrators (thanks for that tip), logged in to the VAMI, enabled Bash Shell then logged in to the Bash Shell with root and what I though was the right password and it worked! I disabled Bash Shell (well it timed out) and I can still log in with root and I can log in via the Console.

I only know enough to get me by with vSphere so not sure why that worked but it did, thank you both for taking the time to reply!

Mic P