Missing the ESXi root password

April 7, 2021 By Allan Kjaer

I just had a support case with a customer that did not know the root password of their ESXi hosts because they are managed by a service provider, and I needed access to one of them for some troubleshooting.

My good colleague Christian Møller has blogged about how to reset the root password in this blog, but the hosts are managed by a service provider, so I did not want to change the root password.

I did have administrator access to the vCenter, so instead of changing the root password through PowerCLI, I used PowerCLI to create an additional admin on the host for the troubleshooting, using this script:

# Connect to the vCenter
Connect-VIServer -Server '<vCenter FQDN>'

# Get the ESXi host
$vmhost = Get-VMHost -Name '<ESXi host FQDN>'

# Connect to the "esxcli" command environment
$esxcli = Get-EsxCli -VMHost $vmhost -V2

# Create temp user (the password shown is the example value from this post)
$arguments = $esxcli.system.account.add.CreateArgs()
$arguments.id = 'tempuser'
$arguments.password = 'TempPass1!'
$arguments.passwordconfirmation = 'TempPass1!'
$esxcli.system.account.add.Invoke($arguments)

# Set tempuser to Admin
$arguments = $esxcli.system.permission.set.CreateArgs()
$arguments.id = 'tempuser'
$arguments.role = 'Admin'
$esxcli.system.permission.set.Invoke($arguments)

NOTE: Please understand what the script is doing. You are using this script at your own risk, so please test before using it.

After this I could connect to the ESXi host and do the troubleshooting, and after finishing this, I deleted the user again, since I used a bad password for this and did not want to leave a user on the host that the service provider is not aware of.

NOTE: It’s a good idea to remove the user again afterward; this can also be done through PowerCLI.

# Connect to the vCenter
Connect-VIServer -Server '<vCenter FQDN>'

# Get the ESXi host
$vmhost = Get-VMHost -Name '<ESXi host FQDN>'

# Connect to the "esxcli" command environment
$esxcli = Get-EsxCli -VMHost $vmhost -V2

# Remove tempuser
$arguments = $esxcli.system.account.remove.CreateArgs()
$arguments.id = 'tempuser'
$esxcli.system.account.remove.Invoke($arguments)
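
To confirm the cleanup, or to let the service provider spot an account left behind this way, the local accounts on a host can be compared with an agreed baseline. This is an added example, not part of the original scripts; the function name, baseline list, host name and sample rows are assumptions constructed for illustration, and the property names follow the columns of `esxcli system account list` and `esxcli system permission list`.

```powershell
# Added example: flag local ESXi accounts that are not in an agreed baseline.
# Function name, baseline and sample rows are constructed for illustration.
function Find-UnexpectedEsxiAccount {
    param(
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [object[]] $Accounts,      # rows from system.account.list
        [object[]] $Permissions = @(),                    # rows from system.permission.list
        [string[]] $Baseline = @('root', 'dcui', 'vpxuser')  # assumed expected accounts
    )
    foreach ($account in $Accounts) {
        if ($Baseline -contains $account.UserID) { continue }
        # Find the role, if any, granted directly to this user (not to a group).
        # IsGroup is compared as text so both booleans and "true"/"false" strings work.
        $grant = $Permissions |
            Where-Object { "$($_.IsGroup)" -ne 'true' -and $_.Principal -eq $account.UserID } |
            Select-Object -First 1
        [pscustomobject]@{
            Host    = $HostName
            UserID  = $account.UserID
            Role    = if ($grant) { $grant.Role } else { 'none' }
            IsAdmin = [bool]($grant -and $grant.Role -eq 'Admin')
        }
    }
}

# Live use (needs an open Connect-VIServer session):
# foreach ($vmhost in Get-VMHost) {
#     $esxcli = Get-EsxCli -VMHost $vmhost -V2
#     Find-UnexpectedEsxiAccount -HostName $vmhost.Name `
#         -Accounts $esxcli.system.account.list.Invoke() `
#         -Permissions $esxcli.system.permission.list.Invoke()
# }

# Constructed sample rows so the function can be tried without a vCenter
$sampleAccounts = @(
    [pscustomobject]@{ UserID = 'root';     Description = 'Administrator' }
    [pscustomobject]@{ UserID = 'dcui';     Description = 'DCUI User' }
    [pscustomobject]@{ UserID = 'vpxuser';  Description = 'VMware VirtualCenter administration account' }
    [pscustomobject]@{ UserID = 'tempuser'; Description = '' }
)
$samplePermissions = @(
    [pscustomobject]@{ Principal = 'root';     IsGroup = $false; Role = 'Admin' }
    [pscustomobject]@{ Principal = 'tempuser'; IsGroup = $false; Role = 'Admin' }
)
Find-UnexpectedEsxiAccount -HostName 'esxi01.example.test' `
    -Accounts $sampleAccounts -Permissions $samplePermissions
```

An empty result after the removal script has run means no account outside the baseline remains on the host.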