ESXi Password Recovery or Migration Path

Question

I am unable to connect via vSphere or SSH to an ESXi hypervisor box that manages two important virtual machines. I do not recall changing any passwords and the data centre does not have any credentials. I suspect we messed up sshd_config, since I have tried every password I know 50 times.

If I restart the hypervisor, e.g. to reinstall ESXi, the VMs will stop and not be restarted automatically, which would be disastrous if we cannot reclaim access to the hypervisor.

What are my password reset/recovery options to get root access to the same hypervisor configuration with no data loss and as little downtime as possible?

If there is no way to reset root password, what safe steps can I take to backup/snapshot the two VMs (one Ubuntu, one Windows 2008 Server) and move them to a fresh server, bearing in mind that I cannot SSH into the hypervisor?

Edit: Great feedback so far, thanks guys. More details: Local storage, RAID-1, pretty standard hardware otherwise. Yes, I can arrange physical access to the box or schedule maintenance at the data centre. AFAIK, vSphere uses SSH to talk to the hypervisor, but I could be wrong here.

Have you tried connecting via vSphere? (suppose this wouldn't matter if you use the same credentials here as SSH) — jlehtinen, Jan 14 '14 at 21:50
What version of ESXi? What datastore are the VMs stored on (local storage, SAN, etc.) ? — jlehtinen, Jan 14 '14 at 21:51
you might try copying your virtuals with Vcenter converter https://www.vmware.com/pdf/convsa_55_guide.pdf before anything catastrophic happens. — user16081-JoeT, Jan 14 '14 at 22:05
You can back them up using vmware converter like any other physical or virtual machine. — JamesRyan, Jan 14 '14 at 22:06
Why do you need to use SSH to connect to the host? Do you not have vSphere client access? Or is your question that you don't know the root password at all? — ewwhite, Jan 14 '14 at 22:06
Also, what type of hardware is this? Is a SAN involved, or is storage local? — ewwhite, Jan 14 '14 at 22:07
@ewwhite it's a PC, not a blade server or anything like that, if that's what you mean? — Petrus Theron, Jan 14 '14 at 22:51
I'm trying to figure out if you have an underlying storage issue on the datastore which could prevent proper reading of the password attributes. I ask because you say you don't recall changing the password. — ewwhite, Jan 14 '14 at 22:53

jlehtinen · Answer 1 · 2014-01-14T23:34:46.757

Generally speaking, you can't reset a lost root password on ESXi. I'm going to assume that you do not have any other form of access to the server either (vSphere, or other non-root accounts). This means that you cannot perform a backup or snapshot of the VMs using any client-side tools.

Option #1) Reinstall ESXi. Good news is you can reinstall and your VM's won't be touched. Bad news is someone at the data center will have to do this, and you'll have to trust them not to screw it up. [edit] You mention you can arrange physical access, so this is less of a concern as you can complete this yourself!

Start by powering off your VMs. Then power off the ESXi host (you'll have to hold the power button). Next, boot off an ESXi installation CD.

During the install process, the installer will detect the existing version of ESXi. It will prompt to either overwrite, or preserve the existing VMFS datastores. You want to preserve them! After this, the installation continues as normal and you'll end up with a vanilla ESXi install.

After a reboot, a data center tech will need to configure stuff like your IP settings, and then they can hand it off to you. First thing - you'll need to log in via vSphere, and re-attach your VM's. Open the datastore, browse to the VM folder, right-click on the .vmx, and choose "Add to Inventory". (Be sure to double check the VM settings to be safe.)

At that point, you should be able to power the VMs on with no issue. If you are asked if you "moved or copied" the VM, choose "moved".

Option #2) You edited your post to mention it's a RAID-1 and you can arrange physical access.

You could power off the server, pull 1 drive, and connect it to another box. Copy the VM files off as a backup. Re-attach the drive to the original server and complete Option #1 above to restore access.

ESXi Password Recovery or Migration Path

1 Answers1