Professional Documents
Culture Documents
Resolved - Reset Esxi Forgotten Root Password Using Hiren bootCD Step by Step
Resolved - Reset Esxi Forgotten Root Password Using Hiren bootCD Step by Step
Reset forgotten ESXi root password on Domain joined Esxi using vSphere web client and Powercli (http://vcloud-
lab.com/entries/esxi-installation-and-con guration/reset-forgotten-esxi-root-password-on-domain-joined-esxi-using-
vsphere-web-client-and-powercli)
Reset ESXi root password using Host Pro les on vCenter server: VMWare vSphere Web client (http://vcloud-
lab.com/entries/vcenter-server/reset-esxi-root-password-using-vcenter-server-vmware-vsphere-web-client)
This is third part of the above related articles reset forgotten root password on esxi and there is a disclaimer Use this
procedure on your own risk because method mentioned here is unsupported by VMware and uno cial. Before
making any changes to Esxi make sure you have taken complete Esxi server con guration backup. Also to reset esxi
root password using o ine ISO, you will require reboot so make sure you plan and put Esxi server into maintenance
mode, this will ensure no VMs are running on subjected Esxi host and it is good for activities. This document I
created for my colleague who are windows administrator and bit hesitant on using Linux command to make
changes, 80% changes are made using Linux user interface.
For this demo, I have downloaded hiren boot cd from url location http://www.hirensbootcd.org/download/. I mostly
use either Dell or HP server, and use DRAC and ILO respectively for remote console. Once ISO is mounted on ILO or
DRAC of server, Reboot esxi and go to BIOS and change BOOT option to CD-ROM, Exit with saving changes, One
more time server is rebooted and ISO boot is loaded.
(/ les/images/vmware-vsphere-esxi-physical-server-bios-basic-input-output-phoenixBios-set-boot-cd-rom-drive-
reset-esxi-server-root-password.png)
Once server is booted from bootable Hiren's BootCD, Select 3rd option from the list >> Linux based rescue
environment (Parted Magic), and hit enter to start live CD OS.
(/ les/images/vmware-vsphere-esxi-hiren-bootcd-iso-16.2-grub2dos-boot-from-iso-linux-based-rescue-environment-
%28Parted-Magic%29-reset-password-esxi.png)
Next hit enter on Start (Options: Language us). This will start loading OS from CD.
(/ les/images/reset-esxi-root-password-hiren-bootcd-start-options-grub2dos-password-reset-root-esxi-vmware-
vsphere-esxi-uno cial-unsupported.png)
Once OS is loaded, There is Partition Editor software icon on the desktop, double click it, this loads Gparted utility.
Here in the partition lists Esxi con guration is stored on physical hard disk partition /dev/sda5 and /dev/sda6. As Esxi
maintains con guration backup, For Esxi 6.5 sda5 partition contains backup of esxi con guration les/folders, and
Sda6 has current con guration les and folders.
(/ les/images/vmware-vsphere-esxi-reset-6.5-root-password-dev-sda5.-hiren-bootcd-fat-16-partition-mount-using-
bootable-ubuntu-CD-dvd-reset-any-password-o ine.png)
I am going to mount both the drive one by one rst I am going to show it for Sda5 then same con guration need to
be done on sda6 as well. First right click on /dev/sda5 and click Mount, then select the mount location to /dev/sda5.
(/ les/images/vmware-vsphere-esxi-reset-root-password-using-hiren-boot-cd-isouno cial-partition-editor-dev-sda-
dvice-mount-mdeia-mnt-Gparted-utility.png)
Once Esxi partition is mounted successfully, open File Manager icon on desktop twice and on rst le manger
navigate to sda5 250M/media/sda5 and on other le manager go to folder location /tmp. Locate le name state.tgz
from folder path /media/sda5, copy it and paste it under /tmp folder.
(/ les/images/vmware-vsphere-esxi-bootable-hiren-bootcd-ubuntu-reset-root-password- lemanager-esxi-state.tgz-
tar- le-media-sda-tmp-copy- le.png)
Once le is copied, under /tmp, either double click state.tgz or right click it go to context menu Open>> Extract. This
untar/unzip data under state folder.
(/ les/images/copy-state.tgz- le-extract-tar- le-esxi-6.5-reset-root-password-vmware-vsphere-command-line-using-
hiren-bootcd-bootable-uno cial-unsupported-risk.png)
There is a untarred local.tgz le under folder /tmp/state now. Double click local.tgz or in the context menu right click,
Open then extract it, to the local folder, inside local folder there is etc folder.
(/ les/images/vmware-vsphere-esxi-state-tgz-local-tgz-con guration-copy-esxi-root-password-con guration-reset-
esxi-6.5-root-password.png)
Go to the path /tmp/state/local/etc. Find shadow le inside, right click and open it with Text Editor as shown.
(/ les/images/vmware-vsphere-esxi-reset-root-administrator-password-extract-local.tgz-state.tgz-Shadow- le-
passwd-reset-root-uno cial-unsupported.png)
Passwords are registered under shadow le, Remove the hash info, this is encoded password (This almost
impossible to break or decrypt dcode this password). Removing this code means root password is made empty or
blank. Save this le.
(/ les/images/vmware-vsphere-esxi-reset-change-root-password-using-shadow- le-passwd.-esxi-rroot-reset-using-
iso- le-of-hiren-bootable-root-entry-grep-vpxuser-daemon-dcui-nobody.png)
Next open RoxTerm from taskbar, this is similar to putty or Terminal command tool. Type command cd
/tmp/state/local. This location has the esxi con guration les and modi ed shadow folder with blanked root
password inside etc folder. Tar the etc folder using tar -czf local.tgz etc and next run next command tar -czf state.tgz
local.tgz, to make ready state.tgz.
As you can see when I list the directory. I see local.tgz and state.tgz already present, because I tested it before hand,
running tar command again update both tgz le. No need to rerun tar command again and again, this is just for
demo purpose.
(/ les/images/vmware-vsphere-
esxi-reset-forgotten-esxi-password-using-iso-roxterm-putty-hiren-boot-cd-state.tgz-local.tgz-change-direcotyr-temp-
state-local-tar-czf-tgz- le.png)
Here I am copying processed state.tgz le from /tmp/state/local to /media/sda5 ESXi server, this will show message
of overwrite, as le already exist. Go ahead with the same and replace it.
(/ les/images/vmware-esxi-reset-forgotten-password-o ine-vsphere-vmware-esxi-state.tgz-local.tgz-overwrite-
state.tgz-etc- le-and-passwd- le.png)
Next on GParted partition editor, right click sda5 device (it shows a lock means it is mounted) and click unmount.
(/ les/images/reset-esxi-forgotten-root-password-using-hiren-boot-cd-Ui-dev-sda5-sda6-fat-16-root-password-
changed-unmount-media-manage- ags-o ine-password-reset-administrator.png)
Next Do the same for /dev/sda6 partition, mount it, copy state.tgz, untar, and under local/etc folder local shadow le
and make necessary changes to root user by removing hashed encoded password string. You can also perform this
trick completely using command line on RoxTerm as below.
# Untar state.tgz le
tar -xzf state.tgz
# Untar local.tgz le
tar -xzf local.tgz
# Change directory location to etc
cd etc
# Edit shadow le using vi editor, Press i to start editing, once password hash is removed, press esc button and save
it with :wq.
vi shadow
Before rebooting esxi server make sure you unmount Hiren's ISO le from remote console and change BIOS to boot
from hard disk. Once server is restarted and Esxi OS is loaded. After pressing F2, I am able to login with empty blank
root password.
(/ les/images/vmware-vsphere-esxi-empty-dcui-password-no-password-authentication-required- nd-password-
reset-password-log-in-name-hiren-boot-cd.png)
Once logged onto Esxi successfully change the password under Con gure Password. As you can see Old Password is
in grayed out in color means there is no password set, it is empty. Change it with new password.
(/ les/images/vmware-esxi-con gure-root-password-without-knowing-change-root-password-unknown-password-
no-passoword-change-esxi-root-o ine-password-hiren-boot-cd.png)
Useful articles
PART 1 : INSTALLING ESXI ON VMWARE WORKSTATION HOME LAB (http://vcloud-lab.com/entries/general/installing-
esxi-on-vmware-workstation-home-lab)
Reset/Restart HP ILO (Integrated Lights-outs) using putty (http://vcloud-lab.com/entries/windows-2016-server-
r2/reset-restart-hp-ilo-integrated-lights-outs--using-putty)
Reset HP ILO password from Esxi server (http://vcloud-lab.com/entries/esxi-installation-and-con guration/reset-hp-
ilo-password-from-esxi-server)
PART 3 : MY VSPHERE LAB CONFIGURATION ON VMWARE WORKSTATION (http://vcloud-
lab.com/entries/general/part-3-my-vsphere-lab-con guration-on-vmware-workstation-)
Go Back
Comment
Name:
E-mail:
Website:
Comment:
I'm not a robot
reCAPTCHA
Privacy - Terms
Submit
BLOG SEARCH
Search
PAGE VIEWS
2505514
SUBSCRIBE TO OUR EMAIL NEWSLETTER & RECEIVE UPDATES RIGHT IN YOUR INBOX (550+ USERS).
SUBSCRIBE NOW !
ARCHIVE
May 2019 (/entries/2019/5) (5)
April 2019 (/entries/2019/4) (11)
March 2019 (/entries/2019/3) (5)
February 2019 (/entries/2019/2) (2)
December 2018 (/entries/2018/12) (1)
September 2018 (/entries/2018/9) (4)
July 2018 (/entries/2018/7) (3)
June 2018 (/entries/2018/6) (7)
May 2018 (/entries/2018/5) (12)
April 2018 (/entries/2018/4) (9)
Show all...
COMMENTS
Advertise Here Advertise Here
ichayan
How to replace default vCenter VMCA certi cate with Microsoft CA signed
certi cate (/entries/vcenter-server/How-to-replace-default-vCenter-VMCA-
certi cate-with-Microsoft-CA-signed-certi cate)
May 8, 2019 02:55PM
Kunal (http://vcloud-lab.com)
PowerShell remoting over HTTPS using self-signed SSL certi cate (/entries/powershell/powershell-remoting-over-
https-using-self-signed-ssl-certi cate)
May 3, 2019 09:54AM
Kunal (http://vcloud-lab.com)
How to replace default vCenter VMCA certi cate with Microsoft CA signed certi cate (/entries/vcenter-server/How-to-
replace-default-vCenter-VMCA-certi cate-with-Microsoft-CA-signed-certi cate)
April 29, 2019 10:15PM
ichayan
How to replace default vCenter VMCA certi cate with Microsoft CA signed certi cate (/entries/vcenter-server/How-to-
replace-default-vCenter-VMCA-certi cate-with-Microsoft-CA-signed-certi cate)
April 29, 2019 04:17PM
© 2016 - 2020 vcloud-lab.com