Reset forgotten ESXi root password on Domain joined Esxi using vSphere web client and Powercli
Reset ESXi root password using Host Profiles on vCenter server: VMWare vSphere Web client
This is third part of the above related articles reset forgotten root password on esxi and there is a disclaimer Use this procedure on your own risk because method mentioned here is unsupported by VMware and unofficial. Before making any changes to Esxi make sure you have taken complete Esxi server configuration backup. Also to reset esxi root password using offline ISO, you will require reboot so make sure you plan and put Esxi server into maintenance mode, this will ensure no VMs are running on subjected Esxi host and it is good for activities. This document I created for my colleague who are windows administrator and bit hesitant on using Linux command to make changes, 80% changes are made using Linux user interface.
For this demo, I have downloaded hiren boot cd from url location http://www.hirensbootcd.org/download/. I mostly use either Dell or HP server, and use DRAC and ILO respectively for remote console. Once ISO is mounted on ILO or DRAC of server, Reboot esxi and go to BIOS and change BOOT option to CD-ROM, Exit with saving changes, One more time server is rebooted and ISO boot is loaded.
Once server is booted from bootable Hiren's BootCD, Select 3rd option from the list >> Linux based rescue environment (Parted Magic), and hit enter to start live CD OS.
Next hit enter on Start (Options: Language us). This will start loading OS from CD.
Once OS is loaded, There is Partition Editor software icon on the desktop, double click it, this loads Gparted utility. Here in the partition lists Esxi configuration is stored on physical hard disk partition /dev/sda5 and /dev/sda6. As Esxi maintains configuration backup, For Esxi 6.5 sda5 partition contains backup of esxi configuration files/folders, and Sda6 has current configuration files and folders.
I am going to mount both the drive one by one first I am going to show it for Sda5 then same configuration need to be done on sda6 as well. First right click on /dev/sda5 and click Mount, then select the mount location to /dev/sda5.
Once Esxi partition is mounted successfully, open File Manager icon on desktop twice and on first file manger navigate to sda5 250M/media/sda5 and on other file manager go to folder location /tmp. Locate file name state.tgz from folder path /media/sda5, copy it and paste it under /tmp folder.
Once file is copied, under /tmp, either double click state.tgz or right click it go to context menu Open>> Extract. This untar/unzip data under state folder.
There is a untarred local.tgz file under folder /tmp/state now. Double click local.tgz or in the context menu right click, Open then extract it, to the local folder, inside local folder there is etc folder.
Go to the path /tmp/state/local/etc. Find shadow file inside, right click and open it with Text Editor as shown.
Passwords are registered under shadow file, Remove the hash info, this is encoded password (This almost impossible to break or decrypt dcode this password). Removing this code means root password is made empty or blank. Save this file.
Next open RoxTerm from taskbar, this is similar to putty or Terminal command tool. Type command cd /tmp/state/local. This location has the esxi configuration files and modified shadow folder with blanked root password inside etc folder. Tar the etc folder using tar -czf local.tgz etc and next run next command tar -czf state.tgz local.tgz, to make ready state.tgz.
As you can see when I list the directory. I see local.tgz and state.tgz already present, because I tested it before hand, running tar command again update both tgz file. No need to rerun tar command again and again, this is just for demo purpose.
Here I am copying processed state.tgz file from /tmp/state/local to /media/sda5 ESXi server, this will show message of overwrite, as file already exist. Go ahead with the same and replace it.
Next on GParted partition editor, right click sda5 device (it shows a lock means it is mounted) and click unmount.
Next Do the same for /dev/sda6 partition, mount it, copy state.tgz, untar, and under local/etc folder local shadow file and make necessary changes to root user by removing hashed encoded password string. You can also perform this trick completely using command line on RoxTerm as below.
# This mounts the sda6 partition
mount /dev/sda6 /mnt
# Change directory location to /mnt
cd /mnt
# Copy file state.tgz to /tmp folder
cp state.tgz /tmp
# Change directory location to /tmp
cd /tmp
# Untar state.tgz file
tar -xzf state.tgz
# Untar local.tgz file
tar -xzf local.tgz
# Change directory location to etc
cd etc
# Edit shadow file using vi editor, Press i to start editing, once password hash is removed, press esc button and save it with :wq.
vi shadow
# Tar (update) etc folder into local.tgz
tar -czf local.tgz etc
# Tar (update) local.tgz folder into state.tgz
tar -czf state.tgz local.tgz
# Copy new state.tgz to /mnt/ on esxi server
cp state.tgz /mnt/
# Unmount partition /mnt and reboot.
unmount /mnt
reboot
Before rebooting esxi server make sure you unmount Hiren's ISO file from remote console and change BIOS to boot from hard disk. Once server is restarted and Esxi OS is loaded. After pressing F2, I am able to login with empty blank root password.
Once logged onto Esxi successfully change the password under Configure Password. As you can see Old Password is in grayed out in color means there is no password set, it is empty. Change it with new password.
Useful articles
PART 1 : INSTALLING ESXI ON VMWARE WORKSTATION HOME LAB
Reset/Restart HP ILO (Integrated Lights-outs) using putty
Reset HP ILO password from Esxi server
PART 3 : MY VSPHERE LAB CONFIGURATION ON VMWARE WORKSTATION