Whenever an already configured VMware vSphere project is handed over to me for optimization and modernization, I sometimes receive a vCenter Server whose passwords have been forgotten, either root or [email protected]. In an earlier blog post I showed the procedure for resetting the root password in VMware vCenter Server Appliance; here I will reset the password of a forgotten vCenter Server SSO user, [email protected]. To start the procedure on VCSA version 6.x or 7, log in to it using an SSH tool such as PuTTY. Type the shell command to access BASH and the configuration.
All the main PSC SSO AD-related commands are located in the folder /usr/lib/vmware-vmdir/bin, and the utility for resetting SSO users is named vdcadmintool. Once the command is executed, it prompts for a choice; select option 3. Reset account password and type the SSO account UPN. In my case I want to reset the administrator user, so the UPN is [email protected]. The tool generates a new random password; copy it or save it to a file so you can log in with it.
    /usr/lib/vmware-vmdir/bin/vdcadmintool
    =======================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    6. Get vmdir state
    7. Get vmdir log level and mask
    ========================
    3
    Please enter account UPN : [email protected]
    New password is -
    Your new password here
In the vSphere UI client, try logging in with the newly generated password of the [email protected] user.
Once authentication is successful, click the user name [email protected] at the top right and select Change Password from the drop-down menu. Type the current password, choose a new password and SAVE it.
Another way to change the password of [email protected] is to navigate to Administration >> Single Sign On >> Users and Groups >> select the Users tab >> choose the vsphere.local domain from the list >> select the Administrator user >> click EDIT >> type the new password, confirm it and SAVE it.
The above process applies to vCenter 6.x, 7 and above. To change the password of a vsphere.local domain user on vCenter 5.5 there is a slight change: instead of the account UPN you need to provide the account DN in the format cn=administrator,cn=users,dc=vsphere,dc=local.
    /usr/lib/vmware-vmdir/bin/vdcadmintool
    =======================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    ========================
    3
    Account DN : cn=administrator,cn=users,dc=vsphere,dc=local
    New password is -
    your new password here
If you have the older vCenter 5.1, go to the /usr/lib/vmware-sso/utils folder and run the command ./rsutil reset-admin-password. Enter the master password (this is the root password), then enter the name of the SSO administrator to reset, for example admin. Type the new password when prompted, and it will show a "Password reset successfully" message.
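The version differences above decide what has to be typed at the option 3 prompt. The following helper is an added example, not part of the original post or of any VMware tooling: it builds the identifier for a given version, converting a UPN to the 5.5-style DN. The function names and sample accounts are constructed, and it assumes the account sits in the default cn=users container shown in the DN above.

```bash
#!/usr/bin/env bash
# Added example (not VMware code): build the account identifier that
# vdcadmintool option 3 expects for a given vCenter version.
# Assumption: the account lives in the default cn=users container.

# upn_to_dn USER@DOMAIN  ->  cn=USER,cn=users,dc=...,dc=...
upn_to_dn() {
    local upn=$1 user domain dn label
    # Require exactly one '@' with non-empty parts on both sides.
    case $upn in
        *@*@*|@*|*@) echo "invalid UPN: $upn" >&2; return 1 ;;
        *@*) ;;
        *) echo "invalid UPN: $upn" >&2; return 1 ;;
    esac
    user=${upn%@*}
    domain=${upn#*@}
    # Refuse characters that would need DN escaping instead of guessing.
    case $user in
        *[!A-Za-z0-9._-]*) echo "unsupported character in user: $user" >&2; return 1 ;;
    esac
    case $domain in
        *[!A-Za-z0-9.-]*|.*|*.|*..*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac
    dn="cn=$user,cn=users"
    local IFS=.
    for label in $domain; do      # one dc= component per domain label
        dn="$dn,dc=$label"
    done
    printf '%s\n' "$dn"
}

# account_id VERSION UPN  ->  string to enter at the option 3 prompt
account_id() {
    case $1 in
        5.1*) echo "vCenter 5.1 uses rsutil reset-admin-password, not vdcadmintool" >&2
              return 1 ;;
        5.5*) upn_to_dn "$2" ;;                          # 5.5 asks for "Account DN"
        [6-9]*) upn_to_dn "$2" >/dev/null && printf '%s\n' "$2" ;;  # 6.x, 7 and above ask for the UPN
        *) echo "unknown version: $1" >&2; return 1 ;;
    esac
}

# Constructed sample input, matching the DN format shown above.
account_id 5.5 administrator@vsphere.local
account_id 7.0 administrator@vsphere.local
```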