Thursday, October 6, 2011

Resetting a forgotten root password of an ESXi 4.1 server with a “Repair” install

I was asked by a client earlier this week for the root password of an ESX 4.1 server one of my colleagues installed.  While we did get a response from my colleague before he flew off on vacation, we weren’t able to log in after numerous attempts with all the variations we could think of.  The next step was to reset the password and as most administrators know, resetting an ESX server was fairly easy but an ESXi server wasn’t.  The only VMware supported way which had a public KB (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1317898) was to perform a “Repair” via an installation disk on the ESXi server.  Now before the reader begins wondering why it was important that we recovered the password, it’s because we had a local datastore on the local disks of the server that had virtual machines running on it.  With that being said, the alternative to performing a “Repair” was to boot from a linux CD and fiddle around with the shadow file and because I haven’t done this before, I wasn’t prepared to try it out on a production ESXi server.

While the client did agree that he’s willing to take the safer route which was to perform a “Repair” on the ESXi host, I faintly remembered that the last time I did such a repair, all of the configuration on the server was lost.  This prompted me to ask if we had information about all the port groups the ESXi server had and as expected, we didn’t.  What we did in the end was the unsupported method of resetting the password but this post will show “how to” and what happens to an ESXi server when you prefer a repair on the hypervisor.

Obtain an ESXi CD or DVD with the same major release (i.e. 4.1 or 4.1 U1 for a 4.1 server) and boot the server into the installer:

image

Choose the Repair option by hitting the R key:

image

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:  Make sure you DO NOT use the Install option or you’ll see the following screens:

image

image

If you see the following message:

You have selected a disk that contains at least one partition with existing data.

If you continue the selected disk will be overwritten.

… then you have selected the WRONG option.

image

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Proceed with agreeing to the EULA:

image

Select the partition you would like to install ESXi:

image

Note that you will now be presented with the following message:

Confirm Disk Selection

You have selected a disk that contains at least one partition with existing data.

The partition table on the disk will be examined before the recovery process begins. If any VMFS partitions are found an attempt will be made to preserve them. You will be notified if any potential problem is encountered before any destructive operations occur on the disk.

The message above is what we want to see.

image

Proceed to confirm with the install:

image

You’ll notice that the repair will now being:

image

image

Upon completion, you will asked to reboot the server:

image

image

The server will proceed to reboot and boot into ESXi:

image

Upon successfully booting into ESXi, you’ll notice that your management network IP is now back to 0.0.0.0:

image

Proceed with logging in via the root account with a blank server, navigate to your management network’s NICs and you’ll notice that your vmnics for the management network will be back to the defaults:

image

Logging into the server via the vSphere Client will show that you pretty much have a plain new install in evaluation mode:

image

image

However, you’ll notice that your VMFS volume was left untouched:

image

… and there you have it!  Make sure you have all the information you need to reconfigure your ESXi host if you are going to perform a repair on the hypervisor.

I’ll be writing another blog post about resetting the password via the shadow file when I get the chance.

2 comments:

vLinux Freak said...

Hey Terence nice blog, it helped me alot :D Keep posting such stuffs.

Anonymous said...

Hi Terence
repair helped me reset the root pwd
and saved me from having to move big vms to another host to resintall this host

Thanks a lot for this nice blog