VMware vCenter 7 and 6 Appliance root password reset and secure password management

You forgot the password for the root account of the vCenter or want to secure your passwords used by users on you VMware environment? Then you will get everything you need to know here. Who does not know it, quickly a request to change the root password, quickly change and then at some point you realize, not documented. That is annoying. To reset your root password quickly and without much effort, you only need to follow the instructions in this article. This article is valid for VMware vCenter Appliance 6.x and 7.x. Additionally, I explain how to change the password policies for your vcenter. You can set them for the appliance itself or for the single sign-on domain user.

Reset the vCenter root password

To reset the password of the root account, you have to go to the console of the vCenter. Now restart the application and press the “e” key while booting. Now you will be presented with the option to customize the Photon OS startup options. Now add the following parameter “rw init=/bin/bash”. Add it at the end of the third line. Then hit Control+X to boot the appliance.

The appliance will now boot directly into the shell. To reset the password you can enter the following command: “passwd”.
Now you will be prompted to enter your new password for the root user and repeat this again.

Now you can reboot your appliance and login with your new root password.

Configure the password lifetime policy of your vCenter

When vCenter is installed, password change for local users is defined by default policy.

Default Policy: When you install the vCenter Server Appliance, the password lifetime for root user is set to 365 days (vCenter 6.5 or earlier) or 90 days (vSphere 6.7).

Set password policy over CLI

First option to edit the password policy is the CLI. To do that, you have to activate the service on you appliance to be able to connect. This is necessary to establish the connection.

Go to your appliance over port 5480 with your browser and log in there. Now go to the menu “Access” and activate the desired console you want to connect to.

If you have activated the desired service you can connect to you appliance.

If you want to change the password policy settings over the vCenter appliance CLI you can connect over SSH to the appliance and use one of the following commands.

chage -M 90 root #change password every 90 days


chage -M -1 -E -1 root #disable password expiration for root user

Set password policy over GUI

If you want to change the password policy over the Gui, you have to connect to the the Port 5480 of your appliance. Use a Browser to connecto to the site and sign in as root. Go to the menu “Administrator” of you appliance. Here you can change the settings of the password requirements and the expiration policy.

Click on EDIT to change the policy.

Edit password policy for Single Sign-On

You can also edit the password policy for the Single Sign-On Domain. To do that, connect over web to you vCenter UI on port 443 (not on port 5480). Login with administrator@vsphere.local.

Then to to “Home” and select “Administration”.

Choose the Menu “Single Sign On” and click “Configuration”. Here you can edit the Password Policy

Click on edit and change the policy as you want.

Click save.

Now everything is done.

To get more information check out this article: docs.vmware

Home you enjoy this short article and if you like it, share it or follow me on twitter. Also take a look on my other articles to vmware.