Below is a PowerCLI one-liner you can use to validate if all your root passwords are what you expect them to be.
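Get-VMHost | ForEach-Object {
    # Try a root login on each host. A wrong password is a failed login
    # attempt and counts toward the host's account lockout threshold.
    $null = Connect-VIServer $_.Name `
        -User root -Password "MyFakePassword" -EA 0
    if (-not ($?)) {
        # The login did not succeed: the password differs from the expected one
        Write-Warning "Password failed for $($_.Name)"
    } else {
        Disconnect-VIServer $_.Name -Force -Confirm:$false
    }
}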
Reset a known password over PowerCLI
Below is a short code snippet to help you change your root password on ESXi hosts.
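$ESXiServers = 'esx01.domain','esx02.domain'
$CurrentPassword = 'MyFakePassword'
$NewPassword = 'F@keNrTwo'
$ESXiServers | ForEach-Object {
    try {
        # -ErrorAction Stop makes a failed login reach the catch block,
        # so the password change is never attempted without a valid session
        Connect-VIServer $_ -User root -Password $CurrentPassword -ErrorAction Stop
        Set-VMHostAccount -UserAccount root -Password $NewPassword -ErrorAction Stop
    } catch {
        throw $_
    } finally {
        # Always close the session, even when the change failed
        Disconnect-VIServer -Confirm:$False -ea 0
    }
}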
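An added example (not code from the original post) that combines the two snippets above: it prompts for both passwords instead of hard-coding them, changes the root password, then logs in again with the new password to confirm the change. The host names and variable names are placeholders.

```powershell
# Added example; host names are constructed placeholders.
$ESXiServers = 'esx01.domain', 'esx02.domain'

# Prompt for the passwords so they never sit in the script or shell history.
$Current = Get-Credential -UserName root -Message 'Current ESXi root password'
$New     = Get-Credential -UserName root -Message 'New ESXi root password'

$results = foreach ($server in $ESXiServers) {
    $conn  = $null
    $stage = 'connect'
    try {
        # -ErrorAction Stop turns a failed login into a catchable error.
        $conn = Connect-VIServer -Server $server -Credential $Current -ErrorAction Stop

        $stage   = 'change'
        $account = Get-VMHostAccount -Server $conn -Id root -ErrorAction Stop
        # Set-VMHostAccount takes the new password as a plain string.
        $null = Set-VMHostAccount -Server $conn -UserAccount $account `
            -Password $New.GetNetworkCredential().Password -ErrorAction Stop
        Disconnect-VIServer -Server $conn -Force -Confirm:$false
        $conn = $null

        # Verify the change by logging in with the new password.
        $stage  = 'verify'
        $conn   = Connect-VIServer -Server $server -Credential $New -ErrorAction Stop
        $status = 'Changed and verified'
    } catch {
        # Record which step failed so a half-completed host is easy to spot.
        $status = "Failed at ${stage}: $($_.Exception.Message)"
    } finally {
        if ($conn) {
            Disconnect-VIServer -Server $conn -Force -Confirm:$false -ErrorAction SilentlyContinue
        }
    }
    [pscustomobject]@{ VMHost = $server; Status = $status }
}

$results | Format-Table -AutoSize
```

A host reported as failed at the verify step had its password change accepted but the follow-up login rejected, so check it by hand before retrying.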
Reset a forgotten password
If you have Enterprise Plus licenses for your hosts, you can reset the root passwords using host profiles.
A step-by-step guide is listed below. If you don’t have this license, the easiest approach is to re-deploy ESXi.
- Right-click a host whose root password is known to be correct. Select ‘Host Profile’, then ‘Create Profile from host’.
- Specify a name for the profile. Click Next, Finish.
- Click home at the top navbar, next select Host Profiles.
- Right-click the newly created profile and select ‘Edit Profile’.
- Right-Click the host profile again, and click ‘Enable/Disable Profile Configuration’. Enable.
- Deselect all configuration options, except for ‘Security configuration’, then click ‘OK’.
- Now go back to ‘Hosts and Clusters’.
- Put your host in maintenance mode, next right-click and select ‘Host Profile’ then ‘Manage Profile’.
- Select the profile you’ve just created and click ‘OK’
- Finally, right-click the host, select ‘Host Profile’ then ‘Apply Profile’