How to Change the Root Password on ESXi Hosts Using Host Profiles

This article explains how to change the root password on ESXi hosts using host profiles, a vSphere feature for applying a consistent configuration to multiple hosts.

Problem

If you have ever lost or forgotten the root password of an ESXi host, you know how frustrating it can be. You cannot log in to the host, manage it, or perform any administrative tasks. You might think that the only solution is to reinstall the ESXi software, which can be time-consuming and disruptive. However, there is a better way to change the root password on ESXi hosts using host profiles.

Host profiles are a feature of vSphere that allow you to apply a consistent configuration to multiple ESXi hosts. You can create a host profile from a reference host and then attach it to other hosts or clusters. Host profiles can also be used to change the root password on ESXi hosts, even if you do not know the current password. This is a simple and secure way to reset the password without affecting the host functionality.

In this article, we will show you how to change the root password on ESXi hosts using host profiles. We will also explain the prerequisites, limitations, and best practices for this method. By the end of this article, you will be able to change the root password on ESXi hosts using host profiles with ease.

Prerequisites

Before you can change the root password on ESXi hosts using host profiles, you need to meet the following prerequisites:

  • You need to have a vCenter Server that manages the ESXi hosts. You cannot use this method if you connect directly to the ESXi hosts.
  • You need to have a host profile that contains the root password configuration. You can create a host profile from a reference host or use an existing one. The reference host does not have to be the same as the target host that you want to change the password on.
  • You need to have the appropriate permissions to apply host profiles. You need the Host Profile.Host Profile privilege on the vCenter Server object and the Host Profile.Apply Profile privilege on the host or cluster object.
  • You need to have the ESXi hosts in maintenance mode. You cannot apply host profiles to hosts that are powered on or have running virtual machines. You need to migrate or power off the virtual machines before you put the hosts in maintenance mode.

Solution: Change the Root Password on ESXi Hosts Using Host Profiles

To change the root password on ESXi hosts using host profiles, follow these steps:

  1. Log in to the vSphere Client and navigate to the Host Profiles view.
  2. Select the host profile that contains the root password configuration and click Edit Settings. If you do not have a host profile, you can create one from a reference host by clicking Extract Host Profile.
  3. In the Edit Host Profile dialog box, expand Security Configuration and select Security and Services. Then, click the Configure a fixed administrator password checkbox and enter the new root password. You can also choose to generate a random password or prompt for a password during remediation. Click OK to save the changes.
  4. Attach the host profile to the host or cluster that you want to change the password on. You can do this by selecting the host profile and clicking Attach/Detach Hosts and Clusters. Then, select the host or cluster and click OK.
  5. Check the compliance status of the host or cluster. You can do this by selecting the host profile and clicking Check Host Profile Compliance. The compliance status should show as Non-compliant, indicating that the current root password does not match the host profile configuration.
  6. Remediate the host or cluster to apply the host profile. You can do this by selecting the host profile and clicking Remediate. Then, select the host or cluster and click OK. This will reboot the host and change the root password to the one specified in the host profile.
  7. Verify that the root password has been changed. You can do this by logging in to the ESXi host using the new password. You can also check the compliance status of the host or cluster again. The compliance status should show as Compliant, indicating that the root password matches the host profile configuration.
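
Steps 4 to 7 can also be scripted with VMware PowerCLI. The following is an added example, not part of the original article; it assumes the fixed password was already set in the profile as in step 3, and the vCenter address, profile name and host name are placeholders.

```powershell
# Added example. All names below are placeholders, not values from the article.
$vcServer    = 'vcenter.example.com'
$profileName = 'root-password-profile'
$hostName    = 'esxi01.example.com'

Connect-VIServer -Server $vcServer | Out-Null      # prompts for vCenter credentials
try {
    $vmhost      = Get-VMHost -Name $hostName -ErrorAction Stop
    $hostProfile = Get-VMHostProfile -Name $profileName -ErrorAction Stop

    # Prerequisite: maintenance mode. Stop instead of silently moving workloads.
    $running = $vmhost | Get-VM | Where-Object { $_.PowerState -eq 'PoweredOn' }
    if ($running) {
        throw "$hostName still runs $(@($running).Count) VM(s); migrate or power them off first."
    }
    if ($vmhost.ConnectionState -ne 'Maintenance') {
        $vmhost = Set-VMHost -VMHost $vmhost -State Maintenance -Confirm:$false
    }

    # Step 4: attach the profile without applying it.
    Invoke-VMHostProfile -Entity $vmhost -Profile $hostProfile -AssociateOnly -Confirm:$false | Out-Null

    # Step 5: compliance check; an empty result means the host is already compliant.
    $before = Test-VMHostProfileCompliance -VMHost $vmhost
    Write-Host "Non-compliant items before remediation: $(@($before).Count)"

    # Step 6: remediate (apply the attached profile).
    Invoke-VMHostProfile -Entity $vmhost -Confirm:$false | Out-Null

    # Step 7: re-check, and only return the host to service if it is compliant.
    $vmhost = Get-VMHost -Name $hostName
    $after  = Test-VMHostProfileCompliance -VMHost $vmhost
    if ($after) {
        Write-Warning "$hostName is still non-compliant; leaving it in maintenance mode."
    } else {
        Set-VMHost -VMHost $vmhost -State Connected -Confirm:$false | Out-Null
        Write-Host "$hostName is compliant with '$profileName'."
    }
}
finally {
    Disconnect-VIServer -Server $vcServer -Confirm:$false
}
```

The script never handles the root password itself; it stays in the host profile, so no credential ends up in the script or in shell history.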

Limitations and Best Practices

Changing the root password on ESXi hosts using host profiles has some limitations and best practices that you should be aware of:

  • This method only works for ESXi 4.1 and later versions. For earlier versions, you need to reinstall the ESXi software to change the root password.
  • This method only works for hosts that are managed by vCenter Server. You cannot use this method for standalone hosts or hosts that are disconnected from vCenter Server.
  • This method requires the hosts to be in maintenance mode. This means that you need to migrate or power off the virtual machines on the hosts before you apply the host profile. This can cause downtime and disruption to your environment.
  • This method does not preserve the original root password. You cannot recover or restore the previous root password after you apply the host profile. You should always document and back up your passwords in a secure location.
  • This method does not encrypt the root password in the host profile. The password is stored in plain text in the host profile XML file. You should protect the host profile file from unauthorized access and use encryption if possible.
  • This method does not change the root password on other services or applications that use the same password. For example, if you use the same password for vSphere Auto Deploy or vSphere Replication, you need to change the password on those services as well.

Frequently Asked Questions (FAQs)

Here are some frequently asked questions about changing the root password on ESXi hosts using host profiles:

Question: What is the default root password for ESXi hosts?

Answer: There is no default root password for ESXi hosts. You need to set the root password during the installation or deployment of the ESXi software. You should always choose a strong and unique password for the root user.

Question: How can I change the root password on ESXi hosts without using host profiles?

Answer: You can change the root password on ESXi hosts without using host profiles by logging in to the ESXi host and using the passwd command. However, this method requires you to know the current root password. If you do not know the current root password, you need to reinstall the ESXi software or use host profiles.

Question: How can I change the root password on ESXi hosts without rebooting?

Answer: You cannot change the root password on ESXi hosts without rebooting. Applying a host profile requires a reboot of the host to take effect. This is because the root password is stored in the /etc/shadow file, which is only read during the boot process.

Summary

In this article, we have shown you how to change the root password on ESXi hosts using host profiles. This is a simple and secure way to reset the password without reinstalling the ESXi software. We have also explained the prerequisites, limitations, and best practices for this method. We hope that this article has been helpful and informative for you.

Disclaimer: The information in this article is provided as-is and without warranty of any kind. The author and the publisher are not responsible for any errors, omissions, damages, or losses that may result from using or following the instructions in this article. You should always test and verify the procedures and results in your own environment before applying them to production systems. You should also follow the official VMware documentation and best practices for your products and versions.