I just had a support case, with customer that did not know the root password of there ESXi host because they are managed by a service provider and i needed access to one of them for some troubleshooting.
I did have administrator access to the vCenter, so instead of changing the the root password thru PowerCLI, I used PowerCLI to create an additional admin on the host for the troubleshooting, using this script:
#connect to the vCenter connect-viserver <vCenter FQDN> #get the ESXi host $vmhost = get-vmhost -name <ESXi host FQDN> #connect to the "esxcli" command environmant $esxcli = Get-EsxCli -VMHost $vmhost -v2 #create temp user $arguments = $esxcli.system.account.add.CreateArgs() $arguments.id = 'tempuser' $arguments.password = 'TempPass1!' $arguments.passwordconfirmation = 'TempPass1!' $esxcli.system.account.add.Invoke($arguments) #Set tempuser to Admin $arguments = $esxcli.system.permission.set.CreateArgs() $arguments.id = $user $arguments.role = "Admin" $esxcli.system.permission.set.Invoke($arguments)
NOTE: Please understand what the script are doing and, you ar using this script at your own risk, so please test before using it.
After this a could connect to the ESXi host, and do the troubleshooting, and after finishing this, i deleted the user again, since I used a bad password for this, and not leaving a user on the host that the service provider is not aware of.
NOTE: It’s a good idea to remove the user afterward again, this can also be done thru PowerCLI.
#connect to the vCenter connect-viserver <vCenter FQDN> #get the ESXi host $vmhost = get-vmhost -name <ESXi host FQDN> #connect to the "esxcli" command environmant $esxcli = Get-EsxCli -VMHost $vmhost -v2 #remove tempuser $arguments = $esxcli.system.account.remove.CreateArgs() $arguments.id = 'tempuser' $esxcli.system.account.remove.Invoke($arguments)