So, you find yourself in a situation where you have lost the root password for your ESXi host(s). Luckily there are multiple ways of resetting it – but the best method depends on the exact situation. Ill try to outline three different scenarios (of course, more exists) – maybe your are placed in a completely different scenario but maybe this post can help you anyway.
Scenario 1: The ESXi host is standalone or is not connected to the vCenter server at the moment.
This is the hard way. It will be necessary to boot of a “Live Linux CD/DVD” – Ill not go in to details since you can find a nice guide on this here: Link – in this situation there will be downtime on the host(s) – hopefully you have redundancy.
Scenario 2: The ESXi host is connected to the vCenter server and you have VMware ESXi Enterprise Plus licenses
Since vCenter is connected to the ESXi host(s) it’s possible to use its “Super Powers” to reset the password and since you have Enterprise Plus licenses you can do that in a simple way with the feature “Host Profile”. You can find a nice guide on this, right here: Link
Since applying host profiles requires the host to be in “maintenance mode” you must have redundancy in place to avoid downtime on your VMs – if you don’t have the resources available for doing this, then don’t panic. Carry on to “Situation 3”
Scenario 3: The ESXi host is connected to the vCenter server and you are using standard licenses.
This method requires that you have PowerCli installed. When PowerCli is in place you connect to your vCenter server and then with a few lines of code, you ask vCenter to set the password for the root account on a specific ESXi host.
Here is the code (remember to change the hostname in the first line):
$esxihost = Get-VMHost <hostname>
$esxcli = Get-EsxCli -VMHost $esxihost
Your root ESXi password is now set to: NewPassword!
I like this method because is simple and can be done without interrupting the hosts and VMs.
Remember to check if you have any services that actually connects to ESXi hosts (like hardware monitoring etc.) with the “root” account – then you might have to update the password there as well.