Unknown ESXi root password and lost vCS access - Page 2

Przemko1 · ‎01-14-2021

Hi Dears,

We have production environment consisting of 2 ESXi 5.5 hosts with 12 VMs on it. It was managed by Windows vCS installed on physical HP server. On this server was also veeam installed and backups of VM's was done everyday evening. I used vCS Windows Client to connect to vCS. (I get this environment from someone IT guy before me) This server is connected backbone with our SAN. I don't have any spare servers. This server with veeam and vCS crashed and can't boot Windows, so also lost vCS and Veeam access. All VMs are fine and still running but can't be managed. I can connect to individaul VM remotely. After this I discovered that I don't have valid root passwords to these 2 ESXi hosts (and noone from past knows it) so can't even shut down them gracefully (because it ask me for root password) Even if I would reinstall vCS from scratch then as I assume it will ask me for ESXi root password while adding these 2 ESXi hosts to datacenter during initial configuration - as I right ?

What is best path to get out of this issue ?

Przemko1 · ‎01-20-2021

Hey @Lalegre

Thank you for confirmation. About resetting password using "host profiles" - is this method working on 5.5 ? Because in mentioned article they stated that

Related Products:

VMware vSphere ESXi

Related Versions:

VMware vSphere ESXi 6.7
VMware vSphere ESXi 6.5
VMware vSphere ESXi 6.0

so question is - is it suitable for my 5.5 to which I login via desktop Windows client because this vCS is NOT vistual appliance but installed on standalone server - does it make difference ? When I tried to login via browser ( like in newer versions) I get info about missing Flash - as we know it was accessible to download till 31.12 last year. So I thing that downloading Flash installer from some offline source is not a problem but real question is if this host profiles will work on 5.5 ? If yes then it saves me reinstallation 2 ESXi hosts and hours of work.

Lalegre · ‎01-21-2021

Hey @Przemko1,

Yes you can use it as Host Profile has been introduced in version 4.1 and you have that option in 5.5. Here is another KB which explains and references the one that I forwarded to you: https://kb.vmware.com/s/article/1317898.

Regarding the Flash issue well I did not get the solution yet from one of my labs and I tried a lot of workarounds so if you do not have access you won't be able to do it at least with a Graphical view and I am not aware on how to do it by using PowerCLI or if it is possible.

I recommend you once you complete all the steps to update your vCenter to a supported version if possible and migrate to appliance.

Przemko1 · ‎01-21-2021

Hey @Lalegre

I feel that i'm closer and closer to success ... 🙂

almost every article about resetting esxi hosts are related with newer versions like 6.0 and higher - which are accesed by web browser - like this one

https://mkr-novo2.ru/pl/multimedia/vmware-vsphere-parol-po-umolchaniyu-izmenenie-parolya-root-cherez...

or this

https://marcjenkins.blog/2018/11/08/changing-esxi-passwords-via-host-profiles/

but there are almost nothing aboul older versions like 5.x I found this https://blog.clearpathsg.com/blog/bid/301156/lost-your-esxi-root-password-reset-it-with-host-profile...

related to older version so almost same like my. But question is- because I read that this method require to have Enterprose Plus version - is it true ? I dont have it- have only Essential. Will it work ? cos I dont want to risk if its not possible with essentials - and then must prepare to reinstall hosts from scratch.

e_espinel · ‎01-21-2021

Hello.
In order to use the Host Profile feature, you must have VMware vSphere Enterprise Plus version and vCenter Server Standard.

The Essentials or Essentials Plus kit does not include the Host Profile feature and only has VMware vCenter Essentials.

Attached is a link to the features by license type.

https://learnvmware.online/2017/11/24/vmware-vsphere-license-comparison/

I recommend that when you reinstall ESXi Hosts you document all the configuration you have done including the user and password.

Enrique Espinel
Senior Technical Support on IBM, Lenovo, Veeam Backup and VMware vSphere.
VSP-SV, VTSP-SV, VTSP-HCI, VTSP
Please mark my comment as Correct Answer or assign Kudos if my answer was helpful to you, Thank you.
Пожалуйста, отметьте мой комментарий как Правильный ответ или поставьте Кудо, если мой ответ был вам полезен, Спасибо.

Przemko1 · ‎01-21-2021

Hello @e_espinel

hmm what is interesting I have that like on screen - so I see these host profiles....

and when right mouse button on particular host then --->

https://i.imgur.com/8yQUrI1.jpg

so I'm curious what's it up ?

e_espinel · ‎01-21-2021

Hello.
Please show the licenses tab you have in the vCenter server
Capture the screenshot and put it in the post, cover the keys.

As a licensed feature of vSphere, Host Profiles are only available when the appropriate licensing is in place.

If you see errors, ensure that you have the appropriate vSphere licensing for your hosts.

https://docs.vmware.com/en/VMware-vSphere/5.5/vsphere-esxi-vcenter-server-551-host-profiles-guide.pd...

Enrique Espinel
Senior Technical Support on IBM, Lenovo, Veeam Backup and VMware vSphere.
VSP-SV, VTSP-SV, VTSP-HCI, VTSP
Please mark my comment as Correct Answer or assign Kudos if my answer was helpful to you, Thank you.
Пожалуйста, отметьте мой комментарий как Правильный ответ или поставьте Кудо, если мой ответ был вам полезен, Спасибо.

e_espinel · ‎01-21-2021

Hello.
Just in case I attach a link on how to install the vSphere 5.5 Web client

https://kb.vmware.com/s/article/2058262

Enrique Espinel
Senior Technical Support on IBM, Lenovo, Veeam Backup and VMware vSphere.
VSP-SV, VTSP-SV, VTSP-HCI, VTSP
Please mark my comment as Correct Answer or assign Kudos if my answer was helpful to you, Thank you.
Пожалуйста, отметьте мой комментарий как Правильный ответ или поставьте Кудо, если мой ответ был вам полезен, Спасибо.

Przemko1 · ‎01-21-2021

Hello @e_espinel

as I said I have Essentials lic.

https://imgur.com/3VuVXMH

nachogonzalez · ‎01-21-2021

Do you have AD authentication configured on your ESXi hosts (and an account with admin permissions)?

Blog Nachogonzalez.com.ar Twitter @nachogon_

Przemko1 · ‎01-22-2021

Yes I have. To be more detail: I dont know directly ESXi hosts password but can login to vCS client with "Use Windows session credentials" checked, so I don't type any password while login to vCS.

nachogonzalez · ‎01-22-2021

Yeah, but you can connect to the vCenter using vSphere Client, not directly to the hosts (at least not with the use windows session credentials)
I'd go with host profiles if possible, else you will have to reinstall the hosts. -

Blog Nachogonzalez.com.ar Twitter @nachogon_

Przemko1 · ‎01-23-2021

yes, I can connect to vCenter using vSphere Client, but not directly to my hosts. And about host profiles - it's what was mentioned some post above and @e_espinel asked me to post screens what I did. To recall - I have essentials licence. So It's unclear for me if I can or can not use this way to reset hosts root password....

nachogonzalez · ‎01-24-2021

You won't be able to use host profiles to restore the password since they are available on enterprise plus licenses:

Please consider the following options:

1. Reinstall ESXi hosts:
This option will take downtime, the virtual machines will be safe (if you are using a shared storage), make sure you take notes of hosts configurations and if possibles dump everything into an rvtools (https://www.nakivo.com/vmware-backup/a-guide-to-vmware-vsphere-editions-and-licensing-which-one-do-y....)

2. Try to get an enterprise plus license.
I don't know if you will be able to get one enterprise plus license since 5.5 is out since September 2018.
If you are able to get a license you might be able to set the password for the hosts profiles (https://kb.vmware.com/s/article/68079)

3. (In my humble opinion, this is the best option) If you have the resources try to get new hardware and go to vSphere 6.7 or 7 so you are on supported hardware and software (and have official VMware support)

If you need further assistance, please let me know.

Blog Nachogonzalez.com.ar Twitter @nachogon_

Przemko1 · ‎01-25-2021

If this "host profile" is only visible in panel in highest version then why I see it ?

I know that best option is to purchase new hardware and install on it new 6.7 or 7 version but in earlier step I want to get control over these ESXi hosts.

So maybe regardless I have Essentials version I can use these hosts profiles function ? Otherwise why do I see them ? (screen some posts above)

nachogonzalez · ‎01-25-2021

I think there is confusion here.
I don't remember every licensing method and feature, but there are at least 4 levels/types
Most VMware UI's have all the features visible, some features will fail if you don't have the proper license, others will be greyed out (DRS for example)

What you can do is try to create a reference host profile (Right-click the host --> host profiles --> Create profile from host...
If you have a license limitation (as stated) it will fail.

Else, you need to edit the host profile as described on this KB
https://kb.vmware.com/s/article/68079

(which also states this:
Resolution
NOTE: Host profiles are a feature available on VMware vSphere Enterprise Plus license only. For more information refer to vSphere Host Profiles
Any other method is unsupported and reinstalling the ESXi host is the only supported way to reset a password on ESXi.)

Let me know if you need further assistance.

Blog Nachogonzalez.com.ar Twitter @nachogon_

Przemko1 · ‎01-25-2021

ahh, yes , maybe its the case, must check this but must set good maintenance window for this work and then will report. Thank you for support.