This post has already been read 11858 times!
This article will describe a small but potentially critical “feature” of the VMware vRealize / vCac Appliance that you may be unaware of.
Since vCenter 5.5 across the board VMware have put an expiry limit on the root account of the appliances of 90 days. Whilst this is great for security it has the potential to cause major issues when trying to SSH onto the appliance or trying to log into the VAMI interface.
Initially you may think you are typing in your password incorrectly as you will see the below message, however if you are SURE the password is right then you may need to reset the root password.
You will have to reset the root password of the appliance.
VMware provide a nice blog post on resetting the password expiry to 90 days here but I am going to detail the steps to unlock the account, reset the password and stop the account expiring in the future.
First you will have to boot the appliance and press the space bar to access the advanced boot options. In the below example I am using a vCac 6.1 Appliance but you can do the same on a Identity Appliance, vCenter Appliance or vRealize Appliance.
Press e to edit the boot options.
Select the Kernel boot mode and select e again to edit the command line for the boot up sequence
Append “init=/bin/bash” (without the quotes) to the end of the boot line and press enter and then b to boot the appliance up.
Once booted you can reset the root password by typing “passwd” (without quotes)
now type in “more /etc/shadow” (without the quotes)
This will show you the root account status. If field 1 starts with an x then the account is locked, also field 5 will contain the number of days that the account will expire in. You will want to reset this, type in the following.
chage -E -1 -M -1 root
you will get a prompt stating that “Aging information Changed”
This will have removed the expiration date and unlocked the root account ready for use. You can now reboot the appliance and wait for it to come up again.
Once it is back up you can navigate to https://appliancename:5480 and login as root with your new password. If you navigate to the Admin tab you will see that the root account is now set to never expire.
If you do this please make sure you have a secure password set for the root account.
This is more of a gotcha on this. My Admin password for the root account contains a # I set this on the console for the appliance and then when I was logging into the VAMI it was still coming back with password incorrect. Weirdly the console # key comes out as a backslash (\). So if you use a # in your password replace it with a \ when logging into the VAMI – you will probably find you can actually log in :o)
Thats it – as always please comment and share.