Changing a forgotten root password on an ESX/ESXi host

Details


This article provides steps to reset a lost or forgotten root password of an ESX/ESXi host.

Solution


Note: In some cases a defective keyboard can cause problems logging into an ESX/ESXi host. You might want to test with a different physical keyboard if you are having difficulties with known login credentials.



If you have forgotten or do not know the password for the root user on an ESX host, you may be able to change it without reinstalling.

Warning: This can be used maliciously and should be safeguarded against physical access to the host, authenticated remote console access, monitoring and protection against reboot procedures ( for example: grub password), and limited access to the management network.



For more information on security best practices, see VMware Infrastructure 3 Security Hardening.



Note: The procedure(s) below performs a password reset. This blindly replaces the existing root password with a new one. This is not a password recovery mechanism. That is, it does not allow you to learn the original root password. VMware does not provide tools or methods to recover the original root password of an ESX/ESXi host.

ESXi 3.5, ESXi 4.x, ESXi 5.x and ESXi 6.x

Reinstalling the ESXi host is the only supported way to reset a password on ESXi. Any other method may lead to a host failure or an unsupported configuration due to the complex nature of the ESXi architecture. ESXi does not have a service console and as such traditional Linux methods of resetting a password, such as single-user mode.

ESX 3.x and 4.x

Note: This section does not apply to ESXi.



To change the password for the root user on an ESX 3.x or ESX 4.x host:

  1. Reboot the ESX host.
  2. When the GRUB screen appears, press the space bar to stop the server from automatically booting into VMware ESX.
  3. Use the arrow keys to select Service Console only (troubleshooting mode).
  4. Press the akey to modify the kernel arguments (boot options).
  5. On the line presented, type a space followed by the word single.
  6. Press Enter. The server continues to boot into single-user mode.
  7. When presented with a bash prompt, such as sh-2.05b#, run the passwd command.
  8. Follow the prompts to set a new root user password. For more information, see Changing an ESX host root password (1004659).
  9. When the password is changed successfully, reboot the host using the reboot command and allow the ESX host to boot normally.

ESX Server 2.x

Note: This section does not apply to ESXi.



To change the password for the root user on an ESX 2.x host, you must reboot into single-user mode. To do this, perform these steps:

  1. Reboot the ESX host.
  2. When the LILO screen appears, press the space bar to stop the server from automatically booting into VMware ESX.
  3. At the LILO prompt select linux, adding the -s to the end of the line. For example: linux -s.
  4. Press Enter. The system begins to boot. The server continues to boot into single-user mode.
  5. When presented with a bash prompt, such as sh-2.05b#, run the passwd command..
  6. Follow the prompts to set a new root user password. For more information, see Changing an ESX host root password (1004659).
  7. When the password is changed successfully, reboot the host using the reboot command and allow the ESX host to boot normally.

When the system has finished booting, you can log in as the root user using the new password.