It might happen to forget and maybe oversee the notification about the expiry date for the root account or the user account used to login to the vSphere Client and VMware Appliance Management console. So what do when it’s too late and VMware VCSA root password is expired? Not to worry the actual procedure to recover and update with a new password is very simple. It is important to note the steps below refer to an expired password rather then a lost password. In this case the procedure is different and requires different steps by mounting the boot environment in read/write mode and update the password from there. All details are covered in the official VMware KB article.
Update the VMware VCSA root password
In case the VMware VCSA root password is expired it is still possible to recover and update with a new root password. A sign of an expired password will usually show a message in the VMware Appliance Management console already.
In this case it is possible to connect to the VM console of the VMware appliance itself and press “F2” to login to the VMware Appliance console directly.
This is where the old password is inserted. This is the only location where the old password can still be used.
Next is to check the option “Configure Root Password”.
By default the BASH Shell is disabled. With the option selected and “Enter” will now enable the option to run the BASH commands directly in the VMware VCSA Appliance.
Next step is to login with default root and “old” password. As expected the welcome menu will show the type of commands to use, API, Plugins and BASH commands. Next is to type shell and enter.
The shell access has now been granted to the root user which can simply issue the “passwd” command to update and confirm the new password.
At this point is possible to use the new password and login to the VMware VCSA Appliance. In the “Administration” section it is possible to tweak the password expiration settings as desired. It is worth noting the “Access” section allows to disable again the BASH shell and other methods like SSH login, DCLI and Console CLI.